Malware anti-analysis techniques characterization and detection: anti-disassembly

In the evolving landscape of cybersecurity, the threat posed by malware continues to grow in complexity and sophistication. This thesis focuses on the characterization and detection of malware anti-analysis techniques, specifically anti-disassembly methods. Understanding these techniques is crucial...

ver descrição completa

Detalhes bibliográficos
Autor: Mosanghini, Francesco
Formato: tesis de maestría
Fecha de publicación:2024
País:España
Recursos:Universitat Politècnica de Catalunya (UPC)
Repositorio:UPCommons. Portal del coneixement obert de la UPC
Idioma:inglés
OAI Identifier:oai:upcommons.upc.edu:2117/423082
Acesso em linha:https://hdl.handle.net/2117/423082
Access Level:acceso abierto
Palavra-chave:Malware (Computer software)
Computer networks -- Security measures
Software protection
Malware Anti-Analysis Techniques
Anti-Disassembly
YARA rules
Techniques Characterization and Detection
Programari maliciós
Ordinadors, Xarxes d' -- Mesures de seguretat
Programari -- Protecció
Àrees temàtiques de la UPC::Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors
Descrição
Resumo:In the evolving landscape of cybersecurity, the threat posed by malware continues to grow in complexity and sophistication. This thesis focuses on the characterization and detection of malware anti-analysis techniques, specifically anti-disassembly methods. Understanding these techniques is crucial for developing effective countermeasures against malware that attempts to evade detection by security analysts. This research delves into the various methods employed by malware to avoid disassembly and analysis. The thesis also explores the application and importance of YARA rules in identifying and mitigating these anti- analysis techniques. YARA, a powerful tool for malware research, allows for the creation of customizable rules that can detect specific patterns and behaviors associated with malicious software. Through this study, we aim to enhance the detection capabilities of cybersecurity tools and provide a robust framework for defending against sophisticated malware's techniques of obfuscation.