| Field | Value |
|---|---|
| dc.contributor.advisor | Levine, David |
| dc.creator | Singhal, Mohit |
| dc.date.accessioned | 2019-05-28T22:31:57Z |
| dc.date.available | 2019-05-28T22:31:57Z |
| dc.date.created | 2019-05 |
| dc.date.issued | 2019-05-08 |
| dc.date.submitted | May 2019 |
| dc.identifier.uri | http://hdl.handle.net/10106/28148 |
dc.description.abstract

As websites have become the main source of information gathering, malicious activity, especially drive-by downloads, has increased exponentially. A drive-by download is the unintentional download of malicious code to a user's computer that leaves the user open to a cyberattack; it has become the preferred distribution vector for many malware families. Malware is any software intentionally designed to cause damage to a user's computer.

The purpose of this research is to analyze the malware obtained by visiting approximately 100,000 malicious URLs, running the captured binaries in sandboxes, and then analyzing their runtime behavior with a software tool (YARA) to categorize them and classify the malware family to which each belongs.

Out of the 1414 program executables (binaries) that were captured, 1000 binaries were executed and 99 were identified as false positives. Of the 1414 binaries extracted, 959 were executable, and 48% of the binaries were extracted from websites hosted in the US. We also found that 105 binaries had the same name but different hashes, that is, they were not identical. Of the 901 binaries, 867 were identified as Trojan horses, and we were able to identify 53 malware families, with one particular family, Kryptik, having 176 samples belonging to it (about 19%); about 4% of the malware families were not identified.
| Field | Value |
|---|---|
| dc.format.mimetype | application/pdf |
| dc.language.iso | en_US |
| dc.subject | Malware |
| dc.subject | Drive-by download |
| dc.subject | Internet |
| dc.subject | Cyberattack |
| dc.subject | Software |
| dc.subject | Sandbox |
| dc.subject | Cuckoo |
| dc.subject | VMRay |
| dc.subject | YARA |
| dc.subject | Trojan horse |
| dc.title | ANALYSIS AND CATEGORIZATION OF DRIVE-BY DOWNLOAD MALWARE USING SANDBOXING AND YARA RULESET |
| dc.type | Thesis |
| dc.degree.department | Computer Science and Engineering |
| dc.degree.name | Master of Science in Computer Science |
| dc.date.updated | 2019-05-28T22:31:58Z |
| thesis.degree.department | Computer Science and Engineering |
| thesis.degree.grantor | The University of Texas at Arlington |
| thesis.degree.level | Masters |
| thesis.degree.name | Master of Science in Computer Science |
| dc.type.material | text |
Files in this item
- Name: SINGHAL-THESIS-2019.pdf
- Size: 6.922Mb
- Format: PDF