| 000 -LEADER |
|---|
| fixed length control field |
02579nam a22001697a 4500 |
| 003 - CONTROL NUMBER IDENTIFIER |
|---|
| control field |
NUST |
| 040 ## - CATALOGING SOURCE |
|---|
| Original cataloging agency |
0 |
| 082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER |
|---|
| Classification number |
621.382,KHA |
| 245 ## - TITLE STATEMENT |
|---|
| Title |
Threat Attribution System / |
| Statement of responsibility, etc. |
Hadia Saif Khan, Maryam Haq Khattak, Syed Ameer Abdullah, Zojaja Arif. (TCC-31 / BETE-56) |
| 264 ## - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE |
|---|
| Place of production, publication, distribution, manufacture |
MCS, NUST |
| Name of producer, publisher, distributor, manufacturer |
Rawalpindi |
| Date of production, publication, distribution, manufacture, or copyright notice |
2023 |
| 300 ## - PHYSICAL DESCRIPTION |
|---|
| Extent |
59 p |
| 505 ## - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
Over the years, computers have undergone significant improvements, changing from bulky, expensive machines with few capabilities to sleek, potent gadgets that are portable. Nearly 97% of Americans, according to a survey, own a personal device. Personal computers and cellphones are far more susceptible to cyberattacks since they store private and sensitive information. Malicious software, commonly known as malware, has the ability to disrupt the entire network while stealing valuable information. Naturally, such attacks frequently go unnoticed. As a result, understanding malware attribution and threat-actor attribution is essential for spotting and evaluating criminal malicious activity.<br/>Malware attribution is the process of mapping a cyberattack to its threat actor. An individual, group, or organization that poses a threat to a computer system or network is referred to as a threat actor. The existing attribution systems use code similarity in APT malwares to analyze Indicators of Compromise (IOC data). With the emergence of polymorphic [12] malwares, attackers generate new signatures through slight code variations. Thus, code similarity techniques are inefficient for attribution. Our project's goal is to identify the threat actors behind Windows malware using systems event logs and registry files. It uses an anomaly-based approach to identify and classify malware. To begin with, it makes use of Sysmon to produce Windows-based operating system logs. For the purpose of identifying activity, the logs are analyzed to separate harmful from non-malicious actions. Secondly, data registries are a useful tool for locating and minimizing risks in the surroundings of threat actors. A data registry is a centralized database that houses details about user preferences, system setup, application settings, and other crucial information that an operating system or application uses. Natural Language Processing algorithms are used for classification. Malware attribution system ensures data integrity and security by timely attribution of the threat actor group. |
| 650 ## - SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name entry element |
UG EE Project |
| 690 ## - LOCAL SUBJECT ADDED ENTRY--TOPICAL TERM (OCLC, RLIN) |
|---|
| Topical term or geographic name as entry element |
TCC-31 / BETE-56 |
| 700 ## - ADDED ENTRY--PERSONAL NAME |
|---|
| Personal name |
Supervisor Dr. Waleed Bin Shahid |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) |
|---|
| Source of classification or shelving scheme |
|
| Koha item type |
Thesis |
