University of Twente Student Theses
Combining Multiple Malware Detection Approaches for Achieving Higher Accuracy
Lenthe, J.M. van (2014) Combining Multiple Malware Detection Approaches for Achieving Higher Accuracy.
Abstract: | As malware poses a major threat on the Internet, malware detection and mitigation approaches have been developed and used in the battle against malware. Some malware samples elude these approaches, while some benign software is marked malicious. Having looked at the state of the art in detection approaches, we have combined three, namely honeypots, DNS data analysis and flow data analysis. All three are widely used in corporate networks and can be applied to detecting malware. By conducting experiments in which a workstation in a closed environment gets infected by malware samples, we have observed that a honeypot is not an effective approach for malware detection, because no malware tried to reach our honeypot. However, DNS data analysis and flow data analysis can be combined to achieve synergy, by providing more information about whether a workstation is infected by malware, leading to more informed decisions. |
Item Type: | Essay (Master) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/64999 |