Detecting Malicious Behaviour Patterns in Software
Date
2014
Abstract
Over the years the amount of malware has grown and malware has become increasingly harmful. Traditional anti-virus tools protect computers against various forms of malware. In recent years, however, a new technique, "behaviour-based malware analysis", has become popular; it overcomes some of the shortcomings of traditional anti-virus programs. Just as anti-virus products need malware signatures, behaviour-based tools use groups of behaviour patterns to identify malware. This thesis introduces the working principles and implementation of the tool Malware Pattern Generator (MPG). MPG automatically generates behaviour-based pattern groups, using a set of known malware for this purpose. MPG uses hierarchical clustering to find similarities between different malware samples and extracts those similarities to create pattern groups. This thesis describes three different versions of MPG and compares their results.
Over the years malware has increased in number and has become increasingly harmful. Traditionally, anti-virus suites are used to protect computers from various forms of malware. In recent years a new technique called "behaviour-based malware analysis" has become popular; it overcomes some of the shortcomings of traditional anti-virus suites. Just as anti-virus suites require signatures, behaviour analysis systems require pattern groups for malware identification. This thesis presents the design and implementation of a Malware Pattern Generator (MPG). MPG is built to automatically generate behaviour-based pattern groups from a given malicious dataset. MPG uses hierarchical clustering to find similarities between malware samples and extracts those similarities to generate pattern groups. Three variants of MPG were developed during the work on this thesis, and the results of their evaluation against malicious datasets are presented.
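As an added illustration of the approach the abstract describes (this is not code from the thesis or from MPG itself): constructed behaviour profiles of hypothetical samples are clustered agglomeratively over Jaccard similarity, the behaviours shared by every member of a cluster become a pattern group, and a new trace is flagged when it exhibits all behaviours of some group. The sample names, feature labels and the 0.5 merge threshold are assumptions.

```python
from itertools import combinations

# Constructed behaviour profiles for hypothetical samples (not real malware data):
# each value is the set of behaviours a sandbox trace of that sample showed.
SAMPLES = {
    "bot_a": {"reg:run_key", "net:irc", "proc:inject", "file:copy_sys32"},
    "bot_b": {"reg:run_key", "net:irc", "proc:inject", "file:self_delete"},
    "bot_c": {"reg:run_key", "net:irc", "proc:inject"},
    "dropper_a": {"file:temp_exe", "proc:exec_temp", "net:http_get", "reg:disable_uac"},
    "dropper_b": {"file:temp_exe", "proc:exec_temp", "net:http_get"},
}

def jaccard(a, b):
    """Similarity of two behaviour sets: intersection over union, 0 for two empty sets."""
    return len(a & b) / len(a | b) if (a or b) else 0.0

def cluster(samples, threshold=0.5):
    """Agglomerative clustering (average linkage) over Jaccard similarity: start
    with one cluster per sample and merge the most similar pair until no pair
    reaches the threshold (0.5 is an assumed value, not one from the thesis)."""
    clusters = [[name] for name in samples]
    while len(clusters) > 1:
        best, best_pair = -1.0, None
        for i, j in combinations(range(len(clusters)), 2):
            sims = [jaccard(samples[x], samples[y])
                    for x in clusters[i] for y in clusters[j]]
            avg = sum(sims) / len(sims)
            if avg > best:
                best, best_pair = avg, (i, j)
        if best < threshold:
            break
        i, j = best_pair
        clusters[i] = clusters[i] + clusters[j]
        del clusters[j]
    return clusters

def extract_pattern_groups(samples, clusters, min_size=2):
    """A pattern group is the behaviour set shared by every member of a cluster;
    singleton clusters generalise nothing, so they yield no group."""
    groups = []
    for members in clusters:
        if len(members) >= min_size:
            shared = set.intersection(*(samples[m] for m in members))
            if shared:
                groups.append(frozenset(shared))
    return groups

def matches(pattern_groups, behaviours):
    """Detection: a trace matches when it exhibits every behaviour of some group."""
    return any(group <= behaviours for group in pattern_groups)
```

With the constructed data, the three bots and the two droppers each form one cluster, and a trace showing only part of a group's behaviours does not match.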