A master thesis from Aalborg University
Dynamic Malware Analysis through a Custom Network Topology
Author(s)
Term
4. semester
Education
Publication year
2022
Submitted on
2022-05-30
Pages
106 pages
Abstract
The project aims to create a virtual platform for the dynamic analysis of malware samples through sandboxing. For this purpose, a virtual network topology is created with EVE-NG, a network emulation application, while within the network a sandbox machine is installed. Furthermore, a number of virtual machines with different levels of hardening with anti-evasion techniques have been set up and are dynamically infected with malware. In addition, honeypots running several services, such as FTP and several web services, have been installed. This topology is configurable, meaning that the network architecture and the virtual machines and services can be modified. This setup allows the researchers to monitor the behavior of the malware and capture its network activity in a controlled environment. The preliminary results show that when a malware infects a machine with a higher level of hardening, it has more active behavior and triggers more detection signatures.
Keywords
sandboxing ; malware ; network topology ; cuckoo ; eve-ng ; analysis ; dynamic malware analysis ; honeypots ; FOG ; scalable ; scalability
Documents
Colophon: This page is part of the AAU Student Projects portal, which is run by Aalborg University. Here, you can find and download publicly available bachelor's theses and master's projects from across the university dating from 2008 onwards. Student projects from before 2008 are available in printed form at Aalborg University Library.
If you have any questions about AAU Student Projects or the research registration, dissemination and analysis at Aalborg University, please feel free to contact the VBN team. You can also find more information in the AAU Student Projects FAQs.