Malware static analysis and DDoS capabilities detection
Mounir Baammi

TL;DR
This thesis presents a framework for detecting DDoS capabilities in malware binaries: it integrates results from several binary analysis methods, extracts features from the samples, and applies rule-based detection. The method is validated on 815 malware samples, checked for false positives on 525 benign binaries, and compared against VirusTotal results.
Contribution
It introduces a process for extracting features from malware binaries and a rule-based method for detecting DDoS capabilities, evaluated on a malware dataset and a benign dataset.
Findings
Effective detection of DDoS capabilities in malware binaries.
Low false positive rate demonstrated on benign dataset.
Comparable results with VirusTotal analysis.
Abstract
The present thesis addresses the detection of denial of service capabilities at the malware binary level, with the aim of designing a framework that integrates results from different binary analysis methods and decides on the DDoS capabilities of the analysed malware. We implemented a process to extract meaningful data from malware samples; the extracted data was used to find characteristics and features that can lead to the detection of DDoS capabilities in binaries. Based on these findings, a set of rules was elaborated to detect those features in binaries. The method is tested on a dataset of 815 samples. Another dataset of 525 benign binaries is used to measure the false positive rate of the implemented method. The results of our method are compared with VirusTotal analysis results to assess our detection approach.
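The rule-based step the abstract describes, as an added example that is not the thesis's own code or rule set: a static extractor is assumed to have already produced, per binary, the set of imported function names and the printable strings, and a handful of weighted rules (raw-socket sending, an HTTP request loop, flood-command strings) are applied to those features. The rules, weights, threshold and the three feature vectors are constructed for illustration and are not taken from the thesis.

```python
"""Rule-based screening of statically extracted binary features for
DDoS-style capabilities.

Added illustration, not the thesis's own extractor or rule set. The feature
vectors below are constructed inline in the shape a PE import parser plus a
strings pass would emit; the rules, weights and threshold are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    imports: frozenset   # lowercased imported function names
    strings: tuple       # printable strings recovered from the binary


@dataclass(frozen=True)
class Rule:
    name: str
    weight: int
    imports_all: frozenset = frozenset()  # every listed import must be present
    strings_any: tuple = ()               # if non-empty, at least one substring must appear

    def matches(self, sample):
        if not self.imports_all <= sample.imports:
            return False
        if not self.strings_any:
            return True
        haystack = "\n".join(s.lower() for s in sample.strings)
        return any(needle in haystack for needle in self.strings_any)


# Assumed rules for illustration; the thesis's actual rule set is not reproduced here.
RULES = (
    # Raw-socket send path: the combination used to emit crafted packets.
    Rule("raw_socket_send", 3, frozenset({"socket", "sendto", "setsockopt"})),
    # Outbound TCP plus a hard-coded request line: also present in benign HTTP clients,
    # so it is only a weak indicator on its own.
    Rule("http_request_loop", 2, frozenset({"connect", "send"}), ("get / http/1.",)),
    # Bot command vocabulary embedded in the binary.
    Rule("flood_command_strings", 4, frozenset(),
         ("udpflood", "udp flood", "synflood", "syn flood", "httpflood", "http flood", "ddos")),
)

THRESHOLD = 4  # assumed cut-off: one strong indicator, or two weaker ones combined


def score(sample, rules=RULES):
    """Return (total weight, names of matched rules) for one sample."""
    matched = [r.name for r in rules if r.matches(sample)]
    total = sum(r.weight for r in rules if r.name in matched)
    return total, matched


def classify(sample, rules=RULES, threshold=THRESHOLD):
    total, matched = score(sample, rules)
    return {"name": sample.name, "score": total, "matched": matched,
            "verdict": "ddos_capable" if total >= threshold else "no_ddos_capability"}


def compare_with_external(verdicts, external):
    """Count agreement with an external verdict map keyed by sample name
    (for example labels read off a VirusTotal report). Returns (agree, disagree, missing)."""
    agree = disagree = missing = 0
    for v in verdicts:
        label = external.get(v["name"])
        if label is None:
            missing += 1
        elif (label == "ddos") == (v["verdict"] == "ddos_capable"):
            agree += 1
        else:
            disagree += 1
    return agree, disagree, missing


# Constructed feature vectors standing in for real extractor output.
SAMPLES = (
    Sample("bot.exe",
           frozenset({"socket", "sendto", "setsockopt", "connect", "send", "recv", "inet_addr"}),
           ("!udpflood 10.0.0.1 80 60", "GET / HTTP/1.1", "User-Agent: Mozilla/5.0", "SYN flood started")),
    Sample("httpclient.exe",
           frozenset({"socket", "connect", "send", "recv", "getaddrinfo"}),
           ("GET / HTTP/1.1", "User-Agent: example-client/1.0", "Host: example.com")),
    Sample("hello.exe", frozenset({"printf", "exit"}), ("hello, world",)),
)

if __name__ == "__main__":
    results = [classify(s) for s in SAMPLES]
    for r in results:
        print(r)
    # Constructed external labels; "ddos" means the external source flagged the sample.
    print(compare_with_external(results, {"bot.exe": "ddos", "httpclient.exe": "clean"}))
```

The benign HTTP client trips only the weak request-line rule and stays under the threshold, which is the false-positive control the benign dataset in the thesis is meant to measure; the comparison helper is the kind of agreement count one would use when lining up verdicts against an external scanner's labels.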
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Spam and Phishing Detection
