Network analysis system for self-propagating malware

Studenteropgave: Kandidatspeciale og HD afgangsprojekt

  • Mohamed Msaad
  • David Holm Audran
4. semester, Cybersikkerhed, kandidat (Kandidatuddannelse)
Malware continues to pose a threat to computer systems worldwide. Some come equipped with worm capabilities, meaning they can self-propagate from one system to another without human interaction. Moreover, the evolution of malware to being form-changing makes it increasingly difficult for traditional detection techniques to effectively identify and mitigate those threats. Furthermore, existing sandboxing techniques must be improved when studying the network behavior of self-propagating malware.
In this work, we present the integration of SPM analysis into the existing CAPEv2 Sandbox and enable automatic SPM analysis and data gathering. Furthermore, we integrate Security Onion and all its available network monitoring and forensic tools to work alongside CAPEv2. Giving more possibilities to the malware analyst. We also provide complete documentation and recommendations to build and enhance the analysis system for physical and virtual testbeds. While offering guidance to the different use cases. Finally, we demonstrate the efficiency of the system with real-world samples.
Udgivelsesdato2 jun. 2023
Antal sider102
ID: 532653109