Multinomial malware classification based on call graphs
Master thesis
Permanent link
http://hdl.handle.net/11250/2448956
Publication date
2017
Abstract
Ever since the computer was invented, people have found ways to evolve interaction or simplify tasks with computational resources, for both good and bad purposes. For the known lifespan of the digital age, malicious software (malware) has been a constant threat to computer systems. Malware has caused enormous damage to both governmental and private sectors, as well as to individuals. Malware has evolved to target different systems and environments, and therefore a vast number of different samples exist, differing in both attack methods and functionality. Furthermore, attackers develop malware to exploit unknown vulnerabilities, evade detection techniques and include multiple functionalities, expanding the pool of malware even more. Because of this, security experts have to keep up with the development of countermeasures to detect and alert on this expanding threat.
This thesis addresses one such approach, in which samples from different malware families are executed and the traces they leave behind are analyzed to classify which malware family a sample belongs to. More specifically, this thesis utilizes expert knowledge to derive expert graphs describing a malware family, and each graph is then matched against unknown samples to search for likeness.