Title: Malware through the looking glass : malware analysis in an evolving threat landscape
Language: input.forms.value-pairs.iso-languages.en
Authors: Lindorfer, Martina 
Qualification level: Doctoral
Advisor: Weippl, Edgar 
Assisting Advisor: Kirda, Engin 
Issue Date: 2015
Lindorfer, M. (2015). Malware through the looking glass : malware analysis in an evolving threat landscape [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2015.35065
Number of Pages: 145
Qualification level: Doctoral
Malware has become a multi-million dollar industry and is the basis of many forms of cybercrime. Motivated by financial gains, malware authors are constantly evolving their code to evade security defenses and exploit new monetization techniques. Developing effective and efficient analysis methods is an arms race against malware authors. One current challenge is that malware authors overwhelm analysis systems with an increasing number of malware samples, which are mostly repacked versions of already known malware. We develop novel techniques to compare multiple versions of self-updating malware. By associating the high-level behavior of malware with the functional components that implement it, we can observe the evolution of malware families and highlight interesting components for further analysis. With the emergence of mobile platforms, malware has spread to these devices as well. Mobile devices provide malware with new ways for monetization and pose unique challenges for building defenses by limiting the capabilities of on-device defenses. We build a large-scale public analysis sandbox for Android apps, called Andrubis, as a cloud-based service. We leverage the large and diverse dataset of over one million Android apps Andrubis collected to gain insights into the behavior and evolution of Android malware. Furthermore, we use machine learning to build a robust classifier that can automatically distinguish benign from malicious apps with high accuracy. Finally, as mobile platforms led to the emergence of application markets as the main app distribution channel, we present an Android market radar for the fast discovery of malware in alternative application markets.
Keywords: Security; Malware; Information Security; Systems Security; Code Analysis
URI: https://doi.org/10.34726/hss.2015.35065
DOI: 10.34726/hss.2015.35065
Library ID: AC13027244
Organisation: E188 - Institut für Softwaretechnik und Interaktive Systeme 
Publication Type: Thesis
Appears in Collections:Thesis

Files in this item:

Items in reposiTUm are protected by copyright, with all rights reserved, unless otherwise indicated.

Page view(s)

checked on May 10, 2022


checked on May 10, 2022

Google ScholarTM