Bridging the detection gap: a study on a behavior-based approach using malware techniques

Author

Geancarlo Palavicini, Eastern Washington University

Date of Award

2014

Rights

Access is available to all users

Document Type

Thesis

Degree Name

Master of Science (MS) in Computer Science

Department

Computer Science

Abstract

"In recent years the intensity and complexity of cyber attacks have increased at a rapid rate. The cost of these attacks on U.S. based companies is in the billions of dollars, including the loss of intellectual property and reputation. Novel and diverse approaches are needed to mitigate the cost of a security breach, and bridge the gap between malware detection and a security breach. This thesis focuses on the short term need to mitigate the impact of undetected shellcodes that cause security breaches. The thesis's approach focuses on the agents driving the attacks, capturing their actions, in order to piece together the attacks for forensics purposes, as well as to better understand the opponent. The work presented in this thesis employs models of normal operating system behavior to detect access to the operating system's shell interface. It also utilizes malware techniques to avoid detection and subsequent termination of the monitoring system, as well as dynamic shellcode execution methodologies in the testing of the thesis' modules to implement a monitoring system"--Document.

Comments

Typescript. Vita.

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Recommended Citation

Palavicini, Geancarlo, "Bridging the detection gap: a study on a behavior-based approach using malware techniques" (2014). EWU Masters Thesis Collection. 186.
https://dc.ewu.edu/theses/186