Identification of malicious behavior patterns for software
Name
Saad Usman Khan
Abstract
Over the years, malware has increased in number and become increasingly
harmful. Traditionally, anti-virus suites are used to protect computers
from various forms of malware. In recent years, a new technique called
“behavior-based malware analysis” has become well known; it overcomes
some of the shortcomings of traditional anti-virus suites. Just as anti-virus
suites require signatures, behavior analysis systems require pattern
groups for malware identification. This thesis presents the design and
implementation of a Malware Pattern Generator (MPG). MPG is built
to automatically generate behavior-based pattern groups from a given
malicious dataset. MPG uses hierarchical clustering to find similarities
between malware samples and extracts those similarities to generate pattern groups.
Three variants of MPG were developed during the work on this thesis, and
the results of their evaluation against malicious datasets are presented.
Graduation Thesis language
English
Graduation Thesis type
Master - Computer Science
Supervisor(s)
Dominique Unruh, Colin Boyd and Felix Leder
Defence year
2014