Author

Jumani Blango

Date of Award

Spring 3-2020

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Operations (PhDCO)

Department

Computer Science

First Advisor

Yong Wang

Second Advisor

Jun Liu

Third Advisor

Josh Stroschein

Abstract

Information technology is now at the core of many basic needs and has spread to all industries, including financial transactions, critical infrastructure, military logistics, travel, shopping, and education. Both software and hardware have flaws, and, especially when unwitting users operate computers, these flaws can be exploited by malicious authors to wreak havoc. Software code is the core of information technology, and weaknesses in software applications are exploited using sophisticated malware purposely designed to circumvent security measures. Malware authors today employ varied tactics, such as encryption, compression, and polymorphic and metamorphic techniques, to hide their intentions. The majority of malware is obfuscated. Detecting malware using static analysis alone is not enough; combining static and dynamic analysis, especially at the kernel level, is critical to curbing malware activity, because at runtime the intended behavior can be captured and learned in kernel mode from the malware's activities. The Ednem Analysis Tool uses both static and dynamic analysis to observe malware at the kernel level, in order to understand its intricacies and classify samples as benign or malicious. Our evaluation and testing results show that the Ednem Analysis Tool detected 87% of the malware samples during static analysis and, when combined with dynamic analysis, the detection rate increased to 97.42%. Static detection rates for similar tools, PortEx Analyzer and Pev, were 73.57% and 38.41%, respectively. Ednem is effective when static and dynamic analysis are combined to detect malware. Researchers can use the Ednem Analysis Tool to perform reverse engineering and to learn the behavior of malware.
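To make concrete why the abstract says static analysis alone is not enough, the following is an added Python example (it is not Ednem's code, nor code from PortEx Analyzer or Pev) of two static indicators a PE analyzer typically computes per section: Shannon entropy and the count of printable strings. It runs them over two constructed sections, one plaintext and one "packed" by XORing with a seeded-PRNG keystream that stands in for a packer's cipher. The 7.0 bits/byte threshold, the minimum string length, the section names and the sample bytes are all assumptions of this example. The packed section is flagged as suspicious, but its bytes reveal nothing about behavior until they are unpacked, which real malware does only at runtime; that is the gap the dissertation fills with kernel-level dynamic analysis.

```python
"""Per-section entropy and string count as static packing indicators.

Illustrative example; not the Ednem Analysis Tool's own code.
"""
import math
import random
import re
from collections import Counter

# Heuristic cut-off in bits per byte for "looks compressed or encrypted".
# 7.0 is a commonly used value; it is an assumption here, not a figure
# taken from the dissertation.
PACKED_THRESHOLD = 7.0
# Minimum run length for a "string"; assumption (the strings utility uses 4).
MIN_STRING_LEN = 6
_PRINTABLE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_STRING_LEN)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def printable_strings(data: bytes) -> list:
    """Runs of MIN_STRING_LEN or more printable ASCII bytes, like `strings`."""
    return _PRINTABLE.findall(data)


def keystream(seed: int, n: int) -> bytes:
    """Deterministic pseudo-random keystream standing in for a packer's cipher.

    Constructed for this example only; a seeded PRNG is not a secure cipher.
    """
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR two equal-length byte strings; the same call packs and unpacks."""
    return bytes(a ^ b for a, b in zip(data, key))


def section_report(name: str, data: bytes) -> dict:
    """Static indicators for one section: entropy, string count, packed flag."""
    ent = shannon_entropy(data)
    return {
        "section": name,
        "entropy": round(ent, 3),
        "strings": len(printable_strings(data)),
        "packed": ent >= PACKED_THRESHOLD,
    }


def analyze(sections: dict) -> dict:
    """Run section_report over a {name: bytes} mapping of sections."""
    return {name: section_report(name, data) for name, data in sections.items()}


# Constructed sample data (not from any real binary): a plaintext section
# containing API names a static analyzer would recognise, and the same bytes
# "packed" with the toy keystream so that they look like noise.
PLAIN_TEXT = (
    b"VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    b"kernel32.dll\x00\x90\x90\x90\x90"
) * 64
KEY = keystream(seed=2020, n=len(PLAIN_TEXT))
PACKED_TEXT = xor_bytes(PLAIN_TEXT, KEY)
SECTIONS = {".text": PLAIN_TEXT, ".packed": PACKED_TEXT}


if __name__ == "__main__":
    for report in analyze(SECTIONS).values():
        print(report)
    # What the sample actually does is only visible after unpacking, which a
    # real packer performs at runtime; the static view above cannot show it.
    unpacked = xor_bytes(PACKED_TEXT, KEY)
    print("unpacked strings:", sorted(set(printable_strings(unpacked))))
```

The entropy test catches compression and encryption alike, because both drive the byte distribution towards uniform; the string count is the cheaper complementary signal, since a packed section loses the API names and paths that static classifiers key on. Neither indicator says what the code does, which is why the abstract pairs them with behavior captured at runtime.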