Dynamic Malware Analysis through a Custom Network Topology

Student thesis: Master Thesis and HD Thesis

  • Adil Khurshid
  • Omar Nabil Hawwash
4. semester, Master of Science (MSc) in Cyber Security (Master Programme)
The project aims to create a virtual platform for the dynamic analysis of malware samples through sandboxing. For this purpose, a virtual network topology is created with EVE-NG, a network emulation application, while within the network a sandbox machine is installed. Furthermore, a number of virtual machines with different levels of hardening with anti-evasion techniques have been set up and are dynamically infected with malware. In addition, honeypots running several services, such as FTP and several web services, have been installed. This topology is configurable, meaning that the network architecture and the virtual machines and services can be modified. This setup allows the researchers to monitor the behavior of the malware and capture its network activity in a controlled environment. The preliminary results show that when a malware infects a machine with a higher level of hardening, it has more active behavior and triggers more detection signatures.
Publication date2022
Number of pages106
ID: 471695056