Network analysis system for self-propagating malware
Authors
Msaad, Mohamed ; Audran, David Holm
Term
4th semester
Education
Publication year
2023
Submitted on
2023-06-02
Pages
102
Abstract
Malware remains a worldwide threat to computer systems. Some strains have worm-like capabilities and can spread automatically from one device to another. Many also change their form to avoid detection, which makes traditional defenses less effective. To better study how such self-propagating malware behaves on networks, improved sandboxing is needed, meaning safe, isolated test environments where suspicious software can be run without risking other systems. In this work, we integrate SPM (self-propagating malware) analysis into the existing CAPEv2 Sandbox and enable automatic SPM analysis and data collection. We also integrate Security Onion, a suite of network monitoring and forensic tools, to run alongside CAPEv2, giving malware analysts more options. We provide complete documentation and recommendations for building and enhancing the analysis system on both physical and virtual testbeds, with guidance for different use cases. Finally, we demonstrate the system’s effectiveness using real-world samples.
Malware remains a global threat to computer systems. Some variants have worm-like properties and can therefore spread automatically from one device to another. Many also change form to avoid detection, which makes traditional defenses less effective. To better study how such self-propagating malware behaves in networks, improved sandbox analysis is needed, i.e. secure, isolated test environments where suspicious software can be run without putting other systems at risk. In this work, we integrate SPM (self-propagating malware) analysis into the existing CAPEv2 Sandbox and enable automatic SPM analysis and data collection. We also integrate Security Onion, a suite of network monitoring and forensic tools, to work alongside CAPEv2, giving malware analysts more options. We further provide complete documentation and recommendations for building and improving the analysis system in both physical and virtual test environments, with guidance for different use cases. Finally, we demonstrate the effectiveness of the system with real-world samples.
[This abstract has been rewritten with the help of AI based on the project's original abstract]
Keywords
