A master thesis from Aalborg University

Network analysis system for self-propagating malware

Term

4. semester

Publication year

2023

Submitted on

2023-06-02

Pages

102 pages

Abstract

Malware continues to pose a threat to computer systems worldwide. Some malware comes equipped with worm capabilities, meaning it can self-propagate from one system to another without human interaction. Moreover, the evolution of form-changing malware makes it increasingly difficult for traditional detection techniques to identify and mitigate those threats effectively. Furthermore, existing sandboxing techniques must be improved when studying the network behavior of self-propagating malware (SPM). In this work, we present the integration of SPM analysis into the existing CAPEv2 Sandbox and enable automatic SPM analysis and data gathering. Furthermore, we integrate Security Onion and all its available network monitoring and forensic tools to work alongside CAPEv2, giving more possibilities to the malware analyst. We also provide complete documentation and recommendations to build and enhance the analysis system for physical and virtual testbeds, while offering guidance for the different use cases. Finally, we demonstrate the efficiency of the system with real-world samples.

