Lorenzo Ippolito
A Framework for the Analysis of File Infection Malware.
Supervisors: Cataldo Basile, Juan Caballero. Politecnico di Torino, Master's degree programme in Ingegneria Informatica (Computer Engineering), 2024
License: Creative Commons Attribution Share Alike.
Abstract: |
Over the past two decades, malicious software, commonly known as malware, has become one of the largest threats to digital systems. File infectors, a class of malware, spread by injecting their malicious code into legitimate executables. Such infected files are routinely collected by cybersecurity vendors. The mixture of malicious and benign code in infected executables makes it challenging to detect and classify file infectors. This thesis presents a novel framework for the analysis of file infectors. Our framework takes a malware sample as input and examines the permanent modifications made to executables within a sandbox environment to determine if the given sample is a file infector. The original and modified executables are input to the classification module that leverages a novel executable differ to compare them and determine the type of file infector (i.e., appender, prepender, impersonator). We evaluate the effectiveness of our framework on 350 executables belonging to 70 malware families. |
---|---|
Supervisors: | Cataldo Basile, Juan Caballero |
Academic year: | 2023/24 |
Publication type: | Electronic |
Number of pages: | 52 |
Subjects: | |
Degree programme: | Master's degree programme in Ingegneria Informatica (Computer Engineering) |
Degree class: | New system > Master's degree > LM-32 - INGEGNERIA INFORMATICA |
Joint supervision institution: | INSTITUT EURECOM (FRANCE) |
Collaborating companies: | Fundación IMDEA Software |
URI: | http://webthesis.biblio.polito.it/id/eprint/31107 |