University of Twente Student Theses

Login

Behavioural analysis of program intent using data origins, influence and context

Verkleij, Jelmer (2017) Behavioural analysis of program intent using data origins, influence and context.

[img]
Preview
PDF
2MB
Abstract:This thesis introduces a method for modelling PHP script behaviour as a graph, as well as a method for defining behavioural patterns and searching for those patterns in these graph representations. By analysing what runtime behaviour can be used for distinguishing malware from legitimate code, and looking at similar techniques in related fields, a method is developed based on the aforementioned modelling technique for tracking relevant actions taken by the interpreter during script execution and using that to determine whether the actions could be considered to have harmful effects. After creating a relevant set of heuristics, the effectiveness of the instrumentation is put to the test by comparing its performance on datasets of both malicious and legitimate code. The proposed method proves to be highly accurate and effective, and it has better detection rates than all other scanning techniques currently on the market. There are however some concerns about the instrumentation's performance and stability. Based on the testing results, we also provide several recommendations for further feature expansion and future applications of similar methods for detecting particular development patterns, errors or vulnerabilities in script behaviour.
Item Type:Essay (Master)
Clients:
Patchman B.V., Enschede, Netherlands
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Embedded Systems MSc (60331)
Link to this item:http://purl.utwente.nl/essays/72965
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page