The Development and Effectiveness of Malware Vaccination : An Experiment
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
2020 (English). Independent thesis, Advanced level (professional degree), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

Background. The main problem that our master thesis tries to reduce is malware infection. One method for accomplishing this goal is based on the fact that most malware does not want to get caught by security programs and actively tries to avoid them. To avoid getting caught, malware can check for the existence of security-related programs and artifacts before executing malicious code and, depending on what it finds, evaluate whether the computer is worth infecting. The idea is that by identifying these checks we could "vaccinate" a system with data-points that trigger these checks, tricking the malware into believing that the system is protected so that it skips it.

Objectives. This thesis will research common malware evasion techniques to find what data-points malware avoids and develop a vaccine with the found data-points. To test the effectiveness of the vaccine, an experiment will be conducted where malware will be executed on different systems to observe its behavior.

Methods. The vaccine concept will be tested by gathering data-points through a background review of related works and by performing an experiment. In the experiment, a virtual machine without protective measures is used as a baseline, which can be compared to a virtual machine with the vaccine. It is also interesting to see how a vaccine compares to an antivirus solution and how, or if, it would cooperate with one, so two more virtual machines are added to the experiment: one with just antivirus software installed, and a second with antivirus installed plus the vaccine. On these four systems, a set of malware will be executed, and their behavior and activity (Windows API calls) will be measured and compared.

Results. This experiment showed that our vaccine was effective in reducing malware behavior: 70% of the malware reduced its activity when exposed to the vaccine compared to the baseline. The results also indicate that the vaccine was effective in cooperation with an antivirus program: 85% of the malware reduced its activity on this virtual machine compared to the baseline.

Conclusions. From the results, we can conclude that, of the systems we created, the one that reduced the most malware activity was the system with antivirus plus vaccine. This shows that vaccination can be a viable option for researchers to study further.

Place, publisher, year, edition, pages
2020. p. 62
Keywords [en]
vaccine, data-points, malware
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:bth-19711
OAI: oai:DiVA.org:bth-19711
DiVA, id: diva2:1440225
External cooperation
Orange Cyberdefense
Subject / course
Degree Project in Master of Science in Engineering 30,0 hp
Educational program
DVACD Master of Science in Computer Security
Supervisors
Examiners
Available from: 2020-07-02. Created: 2020-06-13. Last updated: 2022-05-12. Bibliographically approved.

Open Access in DiVA

fulltext (544 kB), 827 downloads
File information
File name: FULLTEXT01.pdf
File size: 544 kB
Checksum SHA-512: 65f19c8ef85168aa294a170472f0e539f1028c6f8aca6ae8b24b7610423cf6f3cf0b668de50211a47cadae79ab0439069fadd87ada1481e8f2a4a32d8bad5f4f
Type: fulltext
Mimetype: application/pdf
