Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Malware Detection Group 8: Alex Finkelstein, Josh Suess, Dom Amos, Mike Hite, Kevin Hao.

Published byClaire Ellis Modified over 8 years ago

Similar presentations

Presentation on theme: "Advanced Malware Detection Group 8: Alex Finkelstein, Josh Suess, Dom Amos, Mike Hite, Kevin Hao."— Presentation transcript:

1 Advanced Malware Detection Group 8: Alex Finkelstein, Josh Suess, Dom Amos, Mike Hite, Kevin Hao

2 Problem  Detection systems relying on static malicious signatures are no longer enough.  Amount of malware increasing exponentially  Smarter malware

3 Goals  Detection based on behavior  API signatures  Multi-factor classification techniques  Naïve Bayes, SVM, Kth nearest  Automation of database maintenance  Updates

4 System Architecture  Database creation  Database link  API extraction  API signature generation  Classification models  User interface

5 Database Creation  Installation and creation of MySQL server  Creation of database and tables

6 Database Link  Installation of connector  Physical connection between visual studio and MySQL

7 API Extraction  Access the import table of each executable file in our sample directory  Loop through each API call for two purposes  Populate the API table  Generate behavioral signature

8 API Signature Generation  Similarly to extraction we are looping through all of the API calls  This time though we are comparing them with the database rather than adding them to it.

9 Classification: Naïve Bayes

10 User Interface  Simple window allows user to select the directory they want to scan

11 Current Accomplishments  Database and table creation  API Extraction  API Signature Generation

12 Remaining Work  Implementation of classification model  User interface

13 Business Potential  Two marketing options  Subscription based  Licensing  Sell out and get bought up by a real company

14 Future Development Potential  Implementation of multiple classification methods  Support for packed and encrypted files  Improved speed and stability through a different database

15 Questions?

Download ppt "Advanced Malware Detection Group 8: Alex Finkelstein, Josh Suess, Dom Amos, Mike Hite, Kevin Hao."

Similar presentations

Service Manager for MSPs

Service Manager for MSPs
Bypassing antivirus detection with encryption

Bypassing antivirus detection with encryption
What is MySQL? MySQL is a relational database management system (A relational database stores data in separate tables rather than putting all the data.

What is MySQL? MySQL is a relational database management system (A relational database stores data in separate tables rather than putting all the data.
Insider Access Behavior Team May 06 Brandon Reher Jake Gionet Steven Bromley Jon McKee Advisor Client Dr. Tom DanielsThe Boeing Company Contact Dr. Nick.

Insider Access Behavior Team May 06 Brandon Reher Jake Gionet Steven Bromley Jon McKee Advisor Client Dr. Tom DanielsThe Boeing Company Contact Dr. Nick.
The Green Group International Converter. What is International Converter? – International Converter is the ability to translate any measurement, currency,

The Green Group International Converter. What is International Converter? – International Converter is the ability to translate any measurement, currency,
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
United Nations Statistics Division Recoding the business register to ISIC Rev.4.

United Nations Statistics Division Recoding the business register to ISIC Rev.4.
SQL Server 2008 Basmah AlQadheeb-213 MIS-2011 1. What is a Database ? A database is a collection of Data that is organized so that it can easily be accessed,

SQL Server 2008 Basmah AlQadheeb-213 MIS What is a Database ? A database is a collection of Data that is organized so that it can easily be accessed,
Overview of Database Access in.Net Josh Bowen CIS 764-FS2008.

Overview of Database Access in.Net Josh Bowen CIS 764-FS2008.
Submitted by: Madeeha Khalid Sana Nisar Ambreen Tabassum.

Submitted by: Madeeha Khalid Sana Nisar Ambreen Tabassum.
WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.

WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.
Module 12 Installing and Upgrading to SharePoint 2010.

Module 12 Installing and Upgrading to SharePoint 2010.
SSIS Over DTS Sagayaraj Putti (139460). 5 September 2015 2 What is DTS?  Data Transformation Services (DTS)  DTS is a set of objects and utilities that.

SSIS Over DTS Sagayaraj Putti (139460). 5 September What is DTS?  Data Transformation Services (DTS)  DTS is a set of objects and utilities that.
Tim Leung SQL Bits October 2007.  Features and Advantages  Architecture  Installation  Creating Reports.

Tim Leung SQL Bits October  Features and Advantages  Architecture  Installation  Creating Reports.
Copyright © 2006, SAS Institute Inc. All rights reserved. What Is New in SAS Profitability Management (PrM) 2.1? Authors: Jack Zhang Solution & Version:

Copyright © 2006, SAS Institute Inc. All rights reserved. What Is New in SAS Profitability Management (PrM) 2.1? Authors: Jack Zhang Solution & Version:
SQL HW1 Turn in as a hardcopy at the start of next class period. You may work this assignment in groups.

SQL HW1 Turn in as a hardcopy at the start of next class period. You may work this assignment in groups.
Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.

Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.
Behavior-based Spyware Detection By Engin Kirda and Christopher Kruegel Secure Systems Lab Technical University Vienna Greg Banks, Giovanni Vigna, and.

Behavior-based Spyware Detection By Engin Kirda and Christopher Kruegel Secure Systems Lab Technical University Vienna Greg Banks, Giovanni Vigna, and.
(Building the Presentation Layer - KISS). Figuring out what to do! Every skill that we have was not learnt over night and certainly not without proper.

(Building the Presentation Layer - KISS). Figuring out what to do! Every skill that we have was not learnt over night and certainly not without proper.
MANAGEMENT ANTIMALWARE PLATFORM Microsoft Malware Protection Center Dynamic Signature Svc Available only in Windows 8 Endpoint Protection Management.

MANAGEMENT ANTIMALWARE PLATFORM Microsoft Malware Protection Center Dynamic Signature Svc Available only in Windows 8 Endpoint Protection Management.

Similar presentations

Ads by Google