Author: SCORTI, ANDREA
Supervisor: ZANERO, STEFANO
Scientific Disciplinary Sector: ING-INF/05 Information Processing Systems (Sistemi di elaborazione delle informazioni)
Academic year: 2012/2013
Title: Jackdaw: automatic behavior extractor and semantic tagger
English abstract:

Malicious software, often referred to as malware, is one of the major threats to computer systems. Sensitive information is constantly under threat from such software. Malware authors, motivated by financial gain, spread new threats every day.

To counteract malware, we need to analyze it. Analysis techniques can be classified as static or dynamic. Static analysis works on the code (e.g., machine code, assembly, source). Its advantages are high code coverage and scalability, while obfuscation or packing may render it ineffective. Dynamic analysis observes the execution flow of a running program, for example by tracing dependencies among API functions.

One of the main problems in malware analysis is automatically defining interesting behaviors. The state of the art requires analysts to manually define rules that represent behaviors, and then search for them in malware. Due to the rising number of malware samples and the growth of potential features, manual analysis has become infeasible, so automatic processes are needed to increase coverage of the analyzed malware.

Here we present Jackdaw, an automatic behavior extractor and semantic tagger. In the first phase, the system exploits both static and dynamic analysis of malware instances in order to find interesting sequences of events that could be behaviors, and maps them onto code. Once behaviors are detected, Jackdaw associates a semantic tag with them.

We tested Jackdaw by matching the automatically extracted behaviors against a ground truth of manually defined behaviors, reaching an approximate 95% match. We also verified, through an empirical test, that the semantics we give to behaviors are meaningful.
Italian keywords: malware; software malevoli; analisi comportamentale; comportamenti; semantica
English keywords: malware; malicious software; behavioral analysis; behavior; semantic tags
Appears in Collections: POLITesi > Master's theses (Tesi Specialistiche/Magistrali)
Files in This Item:
jackdaw_thesis.pdf (Thesis text, 4.21 MB, Adobe PDF): accessible via Internet only by authorised users (AunicaLogin or Shibboleth) starting from: