Automated malware behaviour analysis for IoT technologies
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: | Nanyang Technological University, 2023 |
Subjects: | |
Online Access: | https://hdl.handle.net/10356/166124 |
Institution: | Nanyang Technological University |
Summary: | As we transition our society into the digital age, the increasing prevalence of IoT networks and devices will require more cybersecurity personnel to keep these IoT systems secure. A key part of this is conducting malware analysis on malicious software to understand its inner workings and how to combat it. Doing so requires learning the complex malware analysis process. Currently, this involves using a myriad of basic analysis tools as well as advanced reverse engineering. However, parsing convoluted binary data is very difficult. New analysts may not be familiar with which tools to use for basic analysis or how to use them, and even those familiar with malware analysis may not be comfortable with reverse engineering a binary and understanding its workings from its assembly listing. This project includes two key components. Firstly, we will compile a list of currently available analysis tools and simplify the analysis process by developing a malware analysis framework that outlines the key data points to look for during analysis. This will provide analysts with the tools and information needed to conduct effective malware analysis. Secondly, we will showcase advanced analysis techniques by providing analysis scripts that automate the reverse engineering process in malware analysis. To test the accuracy of our behaviour classification system, we analyse known malware samples using our framework and analysis script. We then compare the detection accuracy using the script and determine how much malware behaviour it was able to detect. The results show that by following our framework and script, we were able to detect over 80% of the key malware behaviours in the known malware sample, demonstrating a simpler malware analysis process that facilitates learning. |