Malware static analysis and DDoS capabilities detection
This addresses malware analysis for cybersecurity, but it is incremental as it builds on existing binary analysis techniques.
The paper tackles detecting DDoS capabilities in malware binaries by designing a framework that integrates binary analysis methods, achieving detection on a dataset of 815 malware samples and testing false positives on 525 benign binaries.
The present thesis addresses the topic of denial of service capabilities detection at malware binary level, with the aim of designing a framework that integrate results from different binary analysis methods and decide on the DDoS capabilities of the analysed malware. We have implemented a process to extract meaningful data from malware samples, the extracted data was used to find characteristics and features that can lead to the detection of DDoS capabilities in binaries. Based on the discoveries, a set of rules was elaborated to detect those features in binaries. The method is tested on a dataset of 815 samples. Another dataset of 525 benign binaries is also used to test false positives rate of the implemented method. The results of our method are compared with Virus Total analysis results to assess our detection approach.