Automated detection and classification of malware used in targeted attacks via machine learning

buir.advisor: Körpeoğlu, İbrahim
dc.contributor.author: Korkmaz, Yakup
dc.date.accessioned: 2016-06-22T06:37:10Z
dc.date.available: 2016-06-22T06:37:10Z
dc.date.copyright: 2015-09
dc.date.issued: 2015-09
dc.date.submitted: 2015-09-15
dc.description: http://hdl.handle.net/11693/29111 [en_US]
dc.description: Includes bibliographical references (leaves 34-36). [en_US]
dc.description: Thesis (M.S.): Bilkent University, Department of Computer Engineering, İhsan Doğramacı Bilkent University, 2015. [en_US]
dc.description.abstract: Targeted attacks pose a great threat to governments and commercial entities. An increasing number of targeted attacks, especially Advanced Persistent Threats, are being discovered and exposed each year by various cyber security organizations. Key characteristics of these attacks are well-funded and skilled actors persistently targeting specific entities, sophisticated tools and tactics, long-time presence in breached environments before detection, and stealth operation. Malware plays a crucial role in a targeted attack for various tasks such as compromising systems, maintaining presence, communicating with the operators, carrying out commands, etc. Because of its stealthy nature, malware used in targeted attacks is expected to act differently from traditional malware when it is dynamically analyzed in a sandbox environment. In this thesis we focus on the malware used in targeted attacks and present a method to automatically detect and classify targeted malware through machine learning using behavioral and memory features. It is worth noting that it is the first work published in the literature that classifies targeted malware and incorporates memory features into the dynamic features. The method comprises the steps of running both traditional and targeted malware in a dynamic analysis system along with a memory analysis tool, extracting features from behavioral and memory artifacts found in analysis results, and employing machine learning on the extracted features. New behavioral and memory features were defined in order to classify targeted malware more effectively. The method is then evaluated over a dataset comprised of targeted and traditional malware with different supervised learning algorithms. The results show that machine learning can be employed successfully to automatically detect and classify targeted malware from dynamic analysis results using behavioral and memory features. [en_US]
dc.description.provenance: Submitted by Betül Özen (ozen@bilkent.edu.tr) on 2016-06-22T06:37:10Z No. of bitstreams: 1 Thesis_YakupKorkmaz.pdf: 419964 bytes, checksum: fb7a71bfa2622996dc18b4040ab6a35e (MD5) [en]
dc.description.provenance: Made available in DSpace on 2016-06-22T06:37:10Z (GMT). No. of bitstreams: 1 Thesis_YakupKorkmaz.pdf: 419964 bytes, checksum: fb7a71bfa2622996dc18b4040ab6a35e (MD5) Previous issue date: 2015-09 [en]
dc.description.statementofresponsibility: by Yakup Korkmaz. [en_US]
dc.format.extent: xi, 42 leaves. [en_US]
dc.identifier.itemid: B151302
dc.identifier.uri: http://hdl.handle.net/11693/29171
dc.language.iso: English [en_US]
dc.rights: info:eu-repo/semantics/openAccess [en_US]
dc.subject: Targeted attacks [en_US]
dc.subject: Advanced Persistent Threats [en_US]
dc.subject: Dynamic analysis [en_US]
dc.subject: Memory analysis [en_US]
dc.subject: Dynamic features [en_US]
dc.subject: Targeted malware classification [en_US]
dc.title: Automated detection and classification of malware used in targeted attacks via machine learning [en_US]
dc.title.alternative: Hedefli saldırılarda kullanılan zararlı yazılımların makine öğrenimi kullanılarak tespiti ve sınıflandırılması [en_US]
dc.type: Thesis [en_US]
thesis.degree.discipline: Computer Engineering
thesis.degree.grantor: Bilkent University
thesis.degree.level: Master's
thesis.degree.name: MS (Master of Science)

Files

Original bundle
Name: Thesis_YakupKorkmaz.pdf
Size: 410.12 KB
Format: Adobe Portable Document Format
Description: Full printable version