University of Twente Student Theses


Correlating features of malicious software to increase insight in attribution

Beunder, K.M. (2018) Correlating features of malicious software to increase insight in attribution.

[img] PDF
Abstract:This paper discusses research done on malware attribution. Attribution of malware is complex and with cyber crime becoming more and more popular, law enforcement is facing an uphill battle. Unless the attacker makes a rookie mistake it will be difficult and sometimes impossible to determine who the author of a malware sample is (if there is a single author). This research consists of two parts. The first part experiments with the malware analysis tool Cuckoo Sandbox and different machine learning models to determine possible attribution accuracy. The second part analyzes malware samples to determine the effects of different obfuscation tools on the analysis and the analysis results. Both static and dynamic behavior of the samples are used in the analysis. The results show that even when using only features from static analysis, accuracies of up to 57\% and 72\% can be achieved. Furthermore obfuscation tools can have an impact on both static and dynamic features although the simpler obfuscation tools only influence the static ones. It is argued that with more research this type of analysis will be useful to law enforcement with respect to malware attribution. The usefulness will be limited to providing a list of possible suspects.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page