University of Twente Student Theses

Login

Dynamic Detection and Classification of Persistence Techniques in Windows Malware

Nielen, J.J. van (2023) Dynamic Detection and Classification of Persistence Techniques in Windows Malware.

[img] PDF
627kB
Abstract:One of the main methods for malware to accomplish its goals is staying active on the infected machine for as long as possible. Persistence techniques are used by malware to survive reboots, user switches, and other low-level events that are out of the control of the malware itself. While persistence is well known to be one of the main tactics deployed by malware, a comprehensive taxonomy of persistence techniques used by Windows malware is missing. In this paper, we provide a taxonomy of 70 distinct techniques, identify their properties, and categorize them accordingly. Additionally, we introduce a set of models to describe and detect each of the techniques. Finally, we implement a dynamic persistence detection system and analyze the adoption of persistence techniques in 5,000 real-world malware samples. We show that 16~\% of the analyzed samples utilize one or multiple persistence techniques. Furthermore, we show that malware generally uses well-documented techniques, but a smaller selection of samples also chooses for more exotic approaches.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:https://purl.utwente.nl/essays/94945
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page