
dc.contributor.author
Provataki, Athina
en
dc.date.accessioned
2015-06-24T07:52:11Z
dc.date.available
2015-09-27T05:58:39Z
dc.date.issued
2015-06-24
dc.identifier.uri
https://repository.ihu.edu.gr//xmlui/handle/11544/508
dc.rights
Default License
dc.title
Malware Forensics Framework
en
heal.type
masterThesis
heal.keyword
Computer crimes
en
heal.keyword
Internet--Social aspects
en
heal.keyword
Computer networks--Security measures
en
heal.keyword
Computer security
en
heal.keyword
Forensic sciences--Data processing
en
heal.keyword
Computer hackers
en
heal.keyword
Wireless communication systems--Security measures
en
heal.keyword
Malware (Computer software)
en
heal.keyword
Malware (Computer software)--Prevention
en
heal.keyword
Dissertations, Academic
en
heal.language
en
heal.access
free
el
heal.license
http://creativecommons.org/licenses/by-nc/4.0
heal.recordProvider
School of Science and Technology, MSc in Information & Communication Technology Systems
heal.publicationDate
2012-10
heal.bibliographicCitation
Provataki Athina, 2012, Malware forensics framework, Master's Dissertation, International Hellenic University
en
heal.abstract
Cybercriminals today are able to orchestrate and realize massive or more targeted attacks using malware as the means to invade and infect the victims' machines, thus accomplishing their malicious intents. Detecting and analyzing such attacks might not always be feasible and could become a daunting and frustrating process. Targeted attacks are amongst the hardest to detect or analyze and pose a major security threat for organizations and large corporations, as such malware attacks are extremely sophisticated and may go unnoticed for a long period of time, magnifying the resulting damaging effects. Modern malicious instances are characterized by composite behavior and functionality. As malware evolves and becomes more sophisticated, malicious intruders have the ability to adjust their behavior depending on the infected system and its surrounding environment. Malevolent behavior may be exhibited only upon the acknowledgment of specific system factors and the combination of several adjacent parameters and conditions. Certain behavioral aspects might be triggered upon the acknowledgment of specific environmental parameters, while performance variances could affect each infected machine differently.

To overcome such shortcomings, we introduce a novel forensics methodology for assessing and reporting on the modus operandi of a malware sample in a specific organizational context. The proposed malware forensics framework facilitates multiple executions of the same malware in differently configured systems, in an automated manner, providing fast and inclusive results on how each malware sample behaves under a specific organizational context. The introduced analysis approach has the ability to correlate, analyze and interpret malware analysis results in an automated manner, significantly reducing the time and effort needed to investigate and extract forensic intelligence from a collection of analysis reports.
en
heal.tableOfContents
ABSTRACT ..... III
CONTENTS ..... V
1 CHAPTER 1 - INTRODUCTION ..... 7
1.1 OVERVIEW ..... 7
1.2 A STATEMENT OF THE PROBLEM ..... 7
1.3 ACADEMIC RESEARCH QUESTION - AIMS AND OBJECTIVES ..... 9
1.4 RESEARCH METHODOLOGY ..... 10
1.5 SIGNIFICANCE OF RESEARCH ..... 11
1.6 DISSERTATION STRUCTURE ..... 12
2 CHAPTER 2 - LITERATURE REVIEW ..... 12
2.1 OVERVIEW OF RELATED ACADEMIC AND RESEARCH WORK ..... 12
2.2 HISTORICAL REVIEW ..... 18
2.3 MALWARE EVOLUTION ..... 20
2.3.1 The 70’s – Experiments and Games ..... 20
2.3.2 The 80’s – From innocent pranks to “accidental” outbreaks ..... 21
2.3.3 The 90’s – Polymorphism and Toolkits ..... 25
2.3.4 The 2000 Decade – Social Engineering and Cybercrime ..... 28
2.4 LATEST MALWARE ATTACKS ..... 33
2.5 MALWARE TYPES ..... 36
2.6 TYPES OF ATTACKS ..... 48
2.7 MALWARE FORENSICS ..... 55
2.8 MALWARE ANALYSIS ..... 60
2.8.1 Static Analysis ..... 62
2.8.2 Dynamic Analysis ..... 63
2.8.3 Reverse Engineering ..... 65
2.9 MALWARE ANALYSIS TOOLS ..... 66
2.10 OVERVIEW OF MALWARE ANALYSIS TECHNIQUES AND METHODOLOGIES ..... 70
3 CHAPTER 3 - SETTING UP THE TEST BED ..... 81
3.1 PLATFORM REQUIREMENTS ..... 81
3.1.1 Hardware Requirements ..... 82
3.1.2 Software Requirements ..... 82
3.1.3 Virtual Machines ..... 83
3.2 WORKING WITH CUCKOO ..... 84
4 CHAPTER 4 - EXPERIMENTATION ..... 87
4.1 MALWARE ACQUISITION ..... 87
4.2 TESTING MALWARE BEHAVIOR IN DIFFERENT OPERATING SYSTEMS ..... 87
4.2.1 Static Analysis ..... 87
4.2.2 Dynamic Analysis ..... 88
5 CHAPTER 5 - EXPERIMENTAL RESULTS ANALYSIS ..... 89
5.1 MANUAL OBSERVATION OF MALWARE BEHAVIOR ..... 89
5.2 AUTOMATED ANALYSIS OF MALWARE BEHAVIOR ..... 89
5.3 MALWARE BEHAVIOR COMPARISON ..... 91
5.4 IDENTIFYING BEHAVIORAL DIFFERENCES ..... 91
6 CHAPTER 6 - MALWARE FORENSICS FRAMEWORK ..... 95
6.1 A MALWARE FORENSICS FRAMEWORK PROPOSAL ..... 95
6.2 INTEGRATION WITH CUCKOO ..... 104
6.3 FRAMEWORK LIMITATIONS ..... 105
7 CHAPTER 7 - CONCLUSIONS ..... 107
7.1 SUMMARY ..... 107
7.2 CONTRIBUTION ..... 107
7.3 FUTURE WORK ..... 107
BIBLIOGRAPHY AND REFERENCES ..... 109
APPENDIX ..... 116
en
heal.advisorName
Katos, Prof. Vasileios
en
heal.committeeMemberName
Katos, Ass. Professor V.
en
heal.committeeMemberName
Berberidis, C.
en
heal.committeeMemberName
Ass. Prof. Bassileiades, N.
en
heal.academicPublisher
School of Science & Technology, Master of Science (MSc) in Information and Communication Systems
en
heal.academicPublisherID
ihu
heal.numberOfPages
116
heal.fullTextAvailability
true
