Lorenzo Ippolito
A Framework for the Analysis of File Infection Malware.
Supervisors: Cataldo Basile, Juan Caballero. Politecnico di Torino, Master of Science program in Computer Engineering, 2024
Thesis (PDF, 776kB). Licence: Creative Commons Attribution Share Alike.
Abstract
Over the past two decades, malicious software, commonly known as malware, has become one of the largest threats to digital systems. File infectors, a class of malware, spread by injecting their malicious code into legitimate executables. Such infected files are routinely collected by cybersecurity vendors. The mixture of malicious and benign code in infected executables makes it challenging to detect and classify file infectors. This thesis presents a novel framework for the analysis of file infectors. Our framework takes a malware sample as input and examines the permanent modifications made to executables within a sandbox environment to determine if the given sample is a file infector.
The original and modified executables are input to the classification module, which leverages a novel executable differ to compare them and determine the type of file infector (i.e., appender, prepender, impersonator).
