Verfügbarkeit: Classification of Metamorphic Malware using Value Set Analysis

Classification of Metamorphic Malware using Value Set Analysis:

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Leder, Felix (VerfasserIn)
Format:	Abschlussarbeit Buch
Sprache:	German
Veröffentlicht:	Waabs GCA 2012
Ausgabe:	1., Auflage
Schriftenreihe:	Forschen und Wissen - Informatik
Schlagworte:	Datenflussanalyse Malware Hochschulschrift
Online-Zugang:	Inhaltsverzeichnis
Beschreibung:	XVI, 212 S. 55 Ill. 209 mm x 148 mm, 345 g
ISBN:	9783898632515

Internformat

MARC


LEADER	00000nam a2200000 c 4500
001	BV041398258
003	DE-604
005	20131105
007	t
008	131105s2012 gw a\|\|\| m\|\|\| 00\|\|\| ger d
015			\|a 12,N25 \|2 dnb
016	7		\|a 1023365804 \|2 DE-101
020			\|a 9783898632515 \|c Pb. : EUR 45.00 (DE), EUR 46.30 (AT) \|9 978-3-89863-251-5
024	3		\|a 9783898632515
035			\|a (OCoLC)839910124
035			\|a (DE-599)DNB1023365804
040			\|a DE-604 \|b ger \|e rakddb
041	0		\|a ger
044			\|a gw \|c XA-DE-SH
049			\|a DE-29T
082	0		\|a 005.84 \|2 22/ger
084			\|a 004 \|2 sdnb
100	1		\|a Leder, Felix \|e Verfasser \|4 aut
245	1	0	\|a Classification of Metamorphic Malware using Value Set Analysis \|c vorgelegt von Felix Sebastian Leder
250			\|a 1., Auflage
264		1	\|a Waabs \|b GCA \|c 2012
300			\|a XVI, 212 S. \|b 55 Ill. \|c 209 mm x 148 mm, 345 g
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
490	0		\|a Forschen und Wissen - Informatik
502			\|a Zugl.: Bonn, Univ., Diss., 2012
650	0	7	\|a Datenflussanalyse \|0 (DE-588)1058751557 \|2 gnd \|9 rswk-swf
650	0	7	\|a Malware \|0 (DE-588)4687059-3 \|2 gnd \|9 rswk-swf
655		7	\|0 (DE-588)4113937-9 \|a Hochschulschrift \|2 gnd-content
689	0	0	\|a Malware \|0 (DE-588)4687059-3 \|D s
689	0	1	\|a Datenflussanalyse \|0 (DE-588)1058751557 \|D s
689	0		\|5 DE-604
856	4	2	\|m DNB Datenaustausch \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026845858&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999			\|a oai:aleph.bib-bvb.de:BVB01-026845858

Datensatz im Suchindex

_version_	1804151502306017280
adam_text	IMAGE 1 CONTENTS 1. INTRODUCTION 1 1.1. MALWARE ANALYSIS PROCESS 3 1.1.1. MALWARE COLLECTION 3 1.1.2. MALWARE INVESTIGATION 4 1.1.3. APPLICATION OF MALWARE INFORMATION 5 1.2. PROBLEM DEFINITION 5 1.3. THESIS OVERVIEW 7 2. MALWARE ANALYSIS METHODOLOGY AND MALWARE DEFENSE STRATEGIES 9 2.1. MALWARE ANALYSIS METHODOLOGY 9 2.1.1. STATIC ANALYSIS 10 2.1.2. DYNAMIC ANALYSIS 16 2.1.3. BLACKBOXING/SANDBOXING 25 2.2. DYNAMIC ANALYSIS COUNTERMEASURES 27 2.2.1. ANTI-DEBUGGING 28 2.2.2. ANTI-MONITORING 29 2.2.3. ANTI-EMULATION AND VIRTUAL MACHINE DETECTION 31 2.3. CODE MUTATION, OBFUSCATION, AND METAMORPHIC TRANSFORMATIONS 32 2.3.1. OBFUSCATION TAXONOMY 33 2.3.2. CODE TRANSFORMATIONS TECHNIQUES 34 2.4. PACKERS, ENCRYPTION, AND THE EVOLUTION TO METAMORPHIC MALWARE 37 2.4.1. PACKERS 37 2.4.2. OLIGOMORPHISM 38 2.4.3. POLYMORPHISM 39 2.4.4. METAMORPHISM 40 2.5. SUMMARY 42 3. DATA FLOW AND VALUE SET ANALYSIS FOR BINARY INVESTIGATION 43 3.1. DATA FLOW ANALYSIS 43 3.1.1. LOCAL AND GLOBAL SCOPE 44 3.1.2. DATA FLOW FUNDAMENTALS 44 3.2. VALUE SET ANALYSIS 47 3.2.1. TAXONOMY 48 3.2.2. METHODOLOGY 53 3.2.3. OPTIMIZATIONS 59 3.3. RELATED WORK 64 IX HTTP://D-NB.INFO/1023365804 IMAGE 2 3.3.1. DATA FLOW TRACKING IN THE CONTEXT OF REVERSE ENGINEERING 64 3.3.2. VALUE SET ANALYSIS APPLICATIONS 65 3.4. SUMMARY 66 4. MALWARE CLASSIFICATION AND DETECTION: STATE-OF-THE-ART AND RELATED WORK 69 4.1. STATE-OF-THE-ART IN ANTI-VIRUS SOLUTIONS 69 4.2. RELATED WORK 72 4.2.1. NORMALIZATION 73 4.2.2. STRUCTURAL COMPARISON 75 4.2.3. EXPLOITATION OF STATISTICAL PROPERTIES 78 4.2.4. CLASSIFICATION BASED ON DATA FLOW PROPERTIES 79 4.3. WIDER OVERVIEW OF MALWARE CLASSIFICATION APPROACHES 80 4.4. SUMMARY 82 5. CLASSIFICATION BASED ON VALUE SET INFORMATION 83 5.1. ASSUMPTIONS 85 5.2. VALUE SET ANALYSIS 87 5.3. PRE-FILTERING 87 5.4. REFINEMENT 89 5.4.1. REFINEMENT PROCESS 89 5.4.2. NECESSARY AMOUNT OF REFINEMENT STEPS 92 5.5. MATCHING SCHEME 93 5.5.1. DEFINITION OF A SIMILARITY MEASURE 93 5.5.2. MATCHING OF DATA OBJECTS 97 5.5.3. AGGREGATION OF LOWER LEVELS 102 5.5.4. MATCHING ON VALUE SET LEVEL 106 5.5.5. MATCHING ON FILE LEVEL 107 5.5.6. OPTIMIZED MATCHING 107 5.5.7. CHARACTERISTIC POINTS OF INTEREST I L L 5.5.8. SUMMARY OF THE MATCHING SCHEME 113 5.6. SUMMARY 113 6. EVALUATION 115 6.1. EVALUATING THE CLASSIFICATION SCHEME TOWARDS REAL-LIFE USAGE 115 6.1.1. CLASSIFICATION PERFORMANCE 116 6.1.2. SCALABILITY TOWARDS NEW METAMORPHIC MALWARE FAMILIES 116 6.1.3. RUN-TIME PERFORMANCE 116 6.1.4. BREEDING OF SPECIMEN FOR EVALUATION 117 6.2. PARAMETER DERIVATION 118 6.2.1. SINGLE PARAMETER INFLUENCE 121 6.2.2. PARAMETER IMPACT 126 6.2.3. SUITABLE PARAMETER COMBINATIONS 127 6.2.4. SUMMARY AND DISCUSSION 129 X IMAGE 3 CONTENTS 6.3. GENERALITY OF THE PARAMETER SET 129 6.3.1. EXPERIMENT SETUP 130 6.3.2. ALL INSTRUCTION-BASED QUALITY 131 6.3.3. QUALITY FOR SPECIFIC POINTS OF INTEREST 133 6.3.4. SUMMARY AND DISCUSSION 134 6.4. EVALUATION OF MALWARE CLASSIFICATION PERFORMANCE 134 6.4.1. EXPERIMENT SETUP 135 6.4.2. CLASSIFICATION QUALITY 135 6.4.3. SUMMARY AND DISCUSSION 138 6.5. RUN-TIME PERFORMANCE EVALUATION 139 6.5.1. EXPERIMENT SETUP 140 6.5.2. USE-CASE CRITERIA 141 6.5.3. RUN-TIME PERFORMANCE 142 6.5.4. RUN-TIME COMPARISON WITH RELATED METHODOLOGIES 145 6.5.5. CONCLUSIONS 149 6.6. SUMMARY 150 7. DISCUSSION 153 7.1. LIMITS OF STATIC ANALYSIS 154 7.2. LIMITS OF THE VALUE SET ANALYSIS 157 7.2.1. ATTACKING THE PRECISION OF THE VALUE SET ANALYSIS 158 7.2.2. IMPACT OF ALTERING CHARACTERISTIC VALUE SETS 160 7.3. LIMITS OF THE EVALUATION 160 7.4. LIMITS INTRODUCED BY TOOLS 161 7.5. SUMMARY 163 8. SUMMARY 165 9. FURTHER RESEARCH QUESTIONS 171 A. CONFIGURATION PARAMETERS FOR METAMORPHIC MALWARE DETECTION. 175 B. CONSIDERED METAMORPHIC MALWARE 179 C. SELECTION OF BENIGN PROGRAMS. 185 D. SELECTION OF INFECTED FILES. 189 ABBREVIATIONS 193 REFERENCES 194 XI
any_adam_object	1
author	Leder, Felix
author_facet	Leder, Felix
author_role	aut
author_sort	Leder, Felix
author_variant	f l fl
building	Verbundindex
bvnumber	BV041398258
ctrlnum	(OCoLC)839910124 (DE-599)DNB1023365804
dewey-full	005.84
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.84
dewey-search	005.84
dewey-sort	15.84
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
edition	1., Auflage
format	Thesis Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01668nam a2200445 c 4500</leader><controlfield tag="001">BV041398258</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20131105 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">131105s2012 gw a\|\|\| m\|\|\| 00\|\|\| ger d</controlfield><datafield tag="015" ind1=" " ind2=" "><subfield code="a">12,N25</subfield><subfield code="2">dnb</subfield></datafield><datafield tag="016" ind1="7" ind2=" "><subfield code="a">1023365804</subfield><subfield code="2">DE-101</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9783898632515</subfield><subfield code="c">Pb. : EUR 45.00 (DE), EUR 46.30 (AT)</subfield><subfield code="9">978-3-89863-251-5</subfield></datafield><datafield tag="024" ind1="3" ind2=" "><subfield code="a">9783898632515</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)839910124</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)DNB1023365804</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rakddb</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">ger</subfield></datafield><datafield tag="044" ind1=" " ind2=" "><subfield code="a">gw</subfield><subfield code="c">XA-DE-SH</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-29T</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.84</subfield><subfield code="2">22/ger</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">004</subfield><subfield code="2">sdnb</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Leder, Felix</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Classification of Metamorphic Malware using Value Set Analysis</subfield><subfield code="c">vorgelegt von Felix Sebastian Leder</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">1., Auflage</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Waabs</subfield><subfield code="b">GCA</subfield><subfield code="c">2012</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XVI, 212 S.</subfield><subfield code="b">55 Ill.</subfield><subfield code="c">209 mm x 148 mm, 345 g</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="0" ind2=" "><subfield code="a">Forschen und Wissen - Informatik</subfield></datafield><datafield tag="502" ind1=" " ind2=" "><subfield code="a">Zugl.: Bonn, Univ., Diss., 2012</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Datenflussanalyse</subfield><subfield code="0">(DE-588)1058751557</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Malware</subfield><subfield code="0">(DE-588)4687059-3</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="655" ind1=" " ind2="7"><subfield code="0">(DE-588)4113937-9</subfield><subfield code="a">Hochschulschrift</subfield><subfield code="2">gnd-content</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Malware</subfield><subfield code="0">(DE-588)4687059-3</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Datenflussanalyse</subfield><subfield code="0">(DE-588)1058751557</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">DNB Datenaustausch</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026845858&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-026845858</subfield></datafield></record></collection>
genre	(DE-588)4113937-9 Hochschulschrift gnd-content
genre_facet	Hochschulschrift
id	DE-604.BV041398258
illustrated	Illustrated
indexdate	2024-07-10T00:55:50Z
institution	BVB
isbn	9783898632515
language	German
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-026845858
oclc_num	839910124
open_access_boolean
owner	DE-29T
owner_facet	DE-29T
physical	XVI, 212 S. 55 Ill. 209 mm x 148 mm, 345 g
publishDate	2012
publishDateSearch	2012
publishDateSort	2012
publisher	GCA
record_format	marc
series2	Forschen und Wissen - Informatik
spelling	Leder, Felix Verfasser aut Classification of Metamorphic Malware using Value Set Analysis vorgelegt von Felix Sebastian Leder 1., Auflage Waabs GCA 2012 XVI, 212 S. 55 Ill. 209 mm x 148 mm, 345 g txt rdacontent n rdamedia nc rdacarrier Forschen und Wissen - Informatik Zugl.: Bonn, Univ., Diss., 2012 Datenflussanalyse (DE-588)1058751557 gnd rswk-swf Malware (DE-588)4687059-3 gnd rswk-swf (DE-588)4113937-9 Hochschulschrift gnd-content Malware (DE-588)4687059-3 s Datenflussanalyse (DE-588)1058751557 s DE-604 DNB Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026845858&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis
spellingShingle	Leder, Felix Classification of Metamorphic Malware using Value Set Analysis Datenflussanalyse (DE-588)1058751557 gnd Malware (DE-588)4687059-3 gnd
subject_GND	(DE-588)1058751557 (DE-588)4687059-3 (DE-588)4113937-9
title	Classification of Metamorphic Malware using Value Set Analysis
title_auth	Classification of Metamorphic Malware using Value Set Analysis
title_exact_search	Classification of Metamorphic Malware using Value Set Analysis
title_full	Classification of Metamorphic Malware using Value Set Analysis vorgelegt von Felix Sebastian Leder
title_fullStr	Classification of Metamorphic Malware using Value Set Analysis vorgelegt von Felix Sebastian Leder
title_full_unstemmed	Classification of Metamorphic Malware using Value Set Analysis vorgelegt von Felix Sebastian Leder
title_short	Classification of Metamorphic Malware using Value Set Analysis
title_sort	classification of metamorphic malware using value set analysis
topic	Datenflussanalyse (DE-588)1058751557 gnd Malware (DE-588)4687059-3 gnd
topic_facet	Datenflussanalyse Malware Hochschulschrift
url	http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026845858&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT lederfelix classificationofmetamorphicmalwareusingvaluesetanalysis

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Inhaltsverzeichnis

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge