UT Institute of Computer Science Graduation Theses Registry

Name

Saad Usman Khan

Abstract

Over the years malware has increased in number and became increasingly harmful. Traditionally, anti-virus suites are used to protect the computers from various forms of malware. In recent years a new technique called “behavior based malware analysis” has become famous which overcomes some of shortcomings of traditional anti-virus suites. Just like antivirus suites require signatures, behavior analysis systems require pattern groups for malware identification. This thesis presents the design and implementation of a Malware Pattern Generator (MPG). MPG is built to automatically generate behavior based pattern groups from a given malicious dataset. MPG uses hierarchical clustering to find similarities between malware and extracts the similarities to generate pattern groups. Three variants of MPG are developed during the work on this thesis and the results of their evaluation against malicious datasets are presented.

Graduation Thesis language

English

Graduation Thesis type

Master - Computer Science

Supervisor(s)

Dominique Unruh, Colin Boyd and Felix Leder

Defence year

2014