An improved malware detection framework
| Main Author: | Aswami Fadillah, Ahmad Naim Irfan |
|---|---|
| Format: | Thesis (Masters thesis, Universiti Teknologi Malaysia) |
| Language: | English |
| Published: | 2020 |
| Subjects: | T58.5-58.64 Information technology; TK5101-6720 Telecommunication |
| Online Access: | http://eprints.utm.my/108009/1/AhmadNaimIrfanAswamiFadillahMFTIR2020.pdf.pdf ; http://eprints.utm.my/108009/ ; http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:154243?site_name=GlobalView&query=An+improved+malware+detection+framework&queryType=vitalDismax |

Abstract:

The detection of a malware intrusion requires the identification of the malware's signature. However, cyber security practitioners have difficulty manually detecting signature-based malware because of the increasing number of malware samples. As a consequence, malware is only detected after an incident has occurred. By then it has already incurred monetary loss, causing a huge impact on an organisation's brand and its clients' trust. This research aims to propose a solution to this problem by formulating an improved malware detection framework. The improved framework was formulated from the malware detection solution components identified as malware analysis, malware detection, a machine learning algorithm, cyber threat intelligence data and the digital forensics principle of preservation. The formulated framework was then implemented and evaluated by performing a threat hunting experiment. The implementation produced information describing the distribution of high-severity malware, which posed the most threat in the top three states, based on the clustering algorithm used. The clustering algorithm used K = 3, which had the best silhouette score based on Euclidean distance (0.931766381586), and assisted in generating the YARA rules. The experiment result shows that the YARA rules generated from the clustering algorithm and data enrichment were able to detect Bladabindi, Conficker and Zbot by referring to the signatures derived from the automated malware analysis. In conclusion, the framework itself, together with the steps, techniques and process flow utilised in formulating it, served as an effective malware detection solution. Hence, cyber security practitioners can apply the improved malware detection framework as a guideline for conducting threat hunting within their organisation.