POLITESI Politecnico di Milano Servizi Bibliotecari di Ateneo Servizi Bibliotecari di Ateneo
 
   ALL THESES       POST GRADUATE THESES       DOCTORAL THESES   
My POLITesi
authorized users
italiano
Please use this identifier to cite or link to this thesis: http://hdl.handle.net/10589/85226

Author: SCORTI, ANDREA
POLINO, MARIO
Supervisor: ZANERO, STEFANO
Scientific Disciplinary Sector: ING-INF/05 SISTEMI DI ELABORAZIONE DELLE INFORMAZIONI
Date: 3-Oct-2013
Academic year: 2012/2013
Title: Jackdaw : automatic behavior extractor and semantic tagger
English abstract: Malicious software, often referred to as malware, is one of the major threats related to computer systems. Sensitive information is constantly under threat of these software. Malware authors, motivated by financial gain, spread new threats every day. To counteract malware, we need to analyze it. We can classify analysis techniques in static or dynamic analysis. Static analysis works on the code (e.g., machine, assembly, source). The advantages are high code covera- ge and scalability, while obfuscation or packing may render it ineffective. Dynamic analysis observes the execution flow of a running program, for example tracing dependencies among API functions. One of a main problems in malware analysis is to automatically define inte- resting behaviors. The state of the art requires analysts to manually define rules that represent behaviors, then search them into malware. Due to the rising number of malware and the growth of potential features, manual analysis became infeasible, so automatic processes are needed to increase coverage of the analyzed malware. Hereby, we present Jackdaw, an automatic behavior extractor and seman- tic tagger. In the first phase, the system exploits both static and dynamic analysis on malware instances in order to find interesting sequences of even- ts that could be behaviors, and maps them on code. Once behaviors are detected, Jackdaw associates a semantic to them. We tested Jackdaw by matching the automatic behaviors extracted again- st a ground truth of manual define behaviors, reaching an approximate 95% match. We also verified that the semantics we give to behaviors are meaningful, through an empirical test.
Italian keywords: malware; software malevoli; analisi comportamentale; comportamenti; semantica
English keywords: malware; malicious software; behavioral analysis; behavior; semantic tags
Language: eng
Appears in Collections:POLITesi >Tesi Specialistiche/Magistrali

Files in This Item:

File Description SizeFormatVisibility
jackdaw_thesis.pdfThesis text4.21 MBAdobe PDFAccessible via Internet only by authorised users (AunicaLogin or Shibboleth) starting from: 16/9/2014 View/Open





 

  Support, maintenance and development by SURplus team @ CINECA- Powered by DSpace Software