Date of Award
8-2010
Degree Type
Thesis
Degree Name
M.S.
Degree Program
Computer Science
Department
Computer Science
Major Professor
Bilar, Daniel
Second Advisor
Richard III, Golden
Third Advisor
Tu, Shengru
Abstract
Current signature-based Anti-Virus (AV) detection approaches take, on average, two weeks from discovery to definition update release to AV users. In addition, these signatures get stale quickly: AV products miss between 25%-80% of new malicious software within a week of not updating. This thesis researches and develops a detection/classification mechanism for malicious software through statistical analysis of dynamic malware behavior. Several characteristics for each behavior type were stored and analyzed such as function DLL names, function parameters, exception thread ids, exception opcodes, pages accessed during faults, port numbers, connection types, and IP addresses. Behavioral data was collected via Norman Sandbox for storage and analysis. We proposed to find which statistical measures and metrics can be collected for use in the detection and classification of malware. We conclude that our logging and cataloging procedure is a potentially viable method in creating behavior-based malicious software detection and classification mechanisms.
Recommended Citation
Shoemake, Danielle, "Dynamic Behavioral Analysis of Malicious Software with Norman Sandbox" (2010). University of New Orleans Theses and Dissertations. 1233.
https://scholarworks.uno.edu/td/1233
Rights
The University of New Orleans and its agents retain the non-exclusive license to archive and make accessible this dissertation or thesis in whole or in part in all forms of media, now or hereafter known. The author retains all other ownership rights to the copyright of the thesis or dissertation.