Flexible Analyst Defined Viewpoint for Malware Relationship Analysis
abstract: The rate at which new malicious software (Malware) is created is consistently increasing each year. These new malwares are designed to bypass the current anti-virus countermeasures employed to protect computer systems. Security Analysts must understand the nature and intent of the malware...
Other Authors: | |
---|---|
Format: | Dissertation |
Language: | English |
Published: | 2014 |
Subjects: | |
Online Access: | http://hdl.handle.net/2286/R.I.27388 |
id |
ndltd-asu.edu-item-27388 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-asu.edu-item-273882018-06-22T03:05:39Z Flexible Analyst Defined Viewpoint for Malware Relationship Analysis abstract: The rate at which new malicious software (Malware) is created is consistently increasing each year. These new malwares are designed to bypass the current anti-virus countermeasures employed to protect computer systems. Security Analysts must understand the nature and intent of the malware sample in order to protect computer systems from these attacks. The large number of new malware samples received daily by computer security companies requires Security Analysts to quickly determine the type, threat, and countermeasure for newly identified samples. Our approach provides for a visualization tool to assist the Security Analyst in these tasks that allows the Analyst to visually identify relationships between malware samples. This approach consists of three steps. First, the received samples are processed by a sandbox environment to perform a dynamic behavior analysis. Second, the reports of the dynamic behavior analysis are parsed to extract identifying features which are matched against other known and analyzed samples. Lastly, those matches that are determined to express a relationship are visualized as an edge connected pair of nodes in an undirected graph. Dissertation/Thesis Holmes, James Edward (Author) Ahn, Gail-Joon (Advisor) Dasgupta, Partha (Committee member) Doupe, Adam (Committee member) Arizona State University (Publisher) Computer science Flexible Viewpoint Malware Analysis Relationship Visualization eng 64 pages Masters Thesis Computer Science 2014 Masters Thesis http://hdl.handle.net/2286/R.I.27388 http://rightsstatements.org/vocab/InC/1.0/ All Rights Reserved 2014 |
collection |
NDLTD |
language |
English |
format |
Dissertation |
sources |
NDLTD |
topic |
Computer science Flexible Viewpoint Malware Analysis Relationship Visualization |
description |
abstract: The rate at which new malicious software (Malware) is created is consistently increasing each year. These new malwares are designed to bypass the current anti-virus countermeasures employed to protect computer systems. Security Analysts must understand the nature and intent of the malware sample in order to protect computer systems from these attacks. The large number of new malware samples received daily by computer security companies requires Security Analysts to quickly determine the type, threat, and countermeasure for newly identified samples. Our approach provides for a visualization tool to assist the Security Analyst in these tasks that allows the Analyst to visually identify relationships between malware samples.
This approach consists of three steps. First, the received samples are processed by a sandbox environment to perform a dynamic behavior analysis. Second, the reports of the dynamic behavior analysis are parsed to extract identifying features which are matched against other known and analyzed samples. Lastly, those matches that are determined to express a relationship are visualized as an edge connected pair of nodes in an undirected graph. === Dissertation/Thesis === Masters Thesis Computer Science 2014 |
author2 |
Holmes, James Edward (Author) |
title |
Flexible Analyst Defined Viewpoint for Malware Relationship Analysis |
publishDate |
2014 |
url |
http://hdl.handle.net/2286/R.I.27388 |
_version_ |
1718700585082945536 |