Malware static analysis and DDoS capabilities detection
The present thesis addresses the topic of denial of service capabilities detection at malware binary level, with the aim of designing a framework that integrate results from different binary analysis methods and decide on the DDoS capabilities of the analysed malware. We have implemented a process to extract meaningful data from malware samples, the extracted data was used to find characteristics and features that can lead to the detection of DDoS capabilities in binaries. Based on the discoveries, a set of rules was elaborated to detect those features in binaries. The method is tested on a dataset of 815 samples. Another dataset of 525 benign binaries is also used to test false positives rate of the implemented method. The results of our method are compared with Virus Total analysis results to assess our detection approach.
READ FULL TEXT