Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Dynamic Heuristic Analysis Tool for Detection of Unknown Malware
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
2016 (English)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

Context: In today's society virus makers have a large set of obfuscation tools to avoid classic signature detection used by antivirus software. Therefore there is a need to identify new and obfuscated viruses in a better way. One option is to look at the behaviour of a program by executing the program in a virtual environment to determine if it is malicious or benign. This approach is called dynamic heuristic analysis.

Objectives: In this study a new heuristic dynamic analysis tool for detecting unknown malware is proposed. The proposed implementation is evaluated against state-of-the-art in terms of accuracy.

Methods: The proposed implementation uses Cuckoo sandbox to collect the behavior of a software and a decision tree to classify the software as either malicious or benign. In addition, the implementation contains several custom programs to handle the interaction between the components.

Results: The experiment evaluating the implementation shows that an accuracy of 90% has been reached which is higher than 2 out of 3 state-of-the-art software.

Conclusions: We conclude that an implementation using Cuckoo and decision tree works well for classifying malware and that the proposed implementation has a high accuracy that could be increased in the future by including more samples in the training set.

Place, publisher, year, edition, pages
2016. , p. 56
Keywords [en]
dynamic heuristic analysis, heuristic analysis, detection, malware detection, unknown malware
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-12859OAI: oai:DiVA.org:bth-12859DiVA, id: diva2:946970
Subject / course
DV1478 Bachelor Thesis in Computer Science
Educational program
DVGIS Security Engineering
Supervisors
Examiners
Available from: 2016-07-06 Created: 2016-07-06 Last updated: 2018-01-10Bibliographically approved

Open Access in DiVA

fulltext(485 kB)3188 downloads
File information
File name FULLTEXT02.pdfFile size 485 kBChecksum SHA-512
42a6c0872ca2d82ae21bb543bd2cdf6f9b8a240a37b7d29ef16b0beb22271d469af2d89e96f03edee8ab36797361e644e29f5e3dc75adea9f5255acd75816072
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Sokol, MaciejErnstsson, Joakim
By organisation
Department of Computer Science and Engineering
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 3188 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 909 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf