Windows Malware Analyzer using Dockers (Malware Insight) / (Record no. 610447)
[ view plain ]
| 000 -LEADER | |
|---|---|
| fixed length control field | 02978nam a22001697a 4500 |
| 003 - CONTROL NUMBER IDENTIFIER | |
| control field | NUST |
| 082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER | |
| Classification number | 005.8,SHA |
| 100 ## - MAIN ENTRY--PERSONAL NAME | |
| Personal name | Shahid, Muhammad Osama |
| 9 (RLIN) | 124642 |
| 245 ## - TITLE STATEMENT | |
| Title | Windows Malware Analyzer using Dockers (Malware Insight) / |
| Statement of responsibility, etc. | Capt Muhammad Osama Shahid, Capt Danyal Munir, Capt Muhammad Ibrahim Janjua, Capt Rizwan Ashfaq. |
| 260 ## - PUBLICATION, DISTRIBUTION, ETC. | |
| Place of publication, distribution, etc. | MCS, NUST |
| Name of publisher, distributor, etc. | Rawalpindi |
| Date of publication, distribution, etc. | 2024 |
| 300 ## - PHYSICAL DESCRIPTION | |
| Extent | xiii, 69 p |
| 505 ## - FORMATTED CONTENTS NOTE | |
| Formatted contents note | In the current cybersecurity environment, the threat of malware is on the rise and this highlights the need for effective malware analysis solutions. Various malware analysis solution exits but these solutions come with a lot of issues such as high prices, specific configurations, compatibility issues and limited accessibility. To cope with this situation, our project adopts a Docker based malware analysis architecture for analyzing Windows malware.<br/>Our project is designed to give the user a friendly, easy to use, and affordable solution. The objective of the project involves both the static and dynamic analysis. The principle features extracted by static analysis tools are hashes, architecture, file attributes, and strings analysis. Dynamic analysis capabilities include monitoring process creation or deletion, file activity, registry manipulation, and network traffic scrutiny utilizing tools like Process Monitor.<br/>While implementing, function-centric approach is used, which is to separate functions by their specific purposes. Python libraries like Pefile and shashlib are used for static feature extraction, whereas Process Monitor is used for dynamic activity monitoring. The reporting mechanism is comprehensive so that it can give the insights about the malware.<br/>The Docker environment gives portability and ease of installation across different environments a boost. Docker containers provide a lightweight and isolated environment where malware samples can be executed without affecting the host system. Each container operates independently, ensuring that malware cannot spread beyond the container boundaries. Using Docker's isolation and portability, security analysts can perform in-depth analysis of Windows-based malware samples in a controlled and repeatable environment.<br/>The usefulness of the project is underscored by the fact that it can contribute to the democratization of malware analysis, thus making the analysis process efficient and accessible to a wide range of audience, is particularly beneficial for students, small-scale organizations and cybersecurity enthusiasts.<br/>In general, this project is a step in the evolution of the methods of malware analysis through the adoption of a practical, adaptable, and cost-efficient approach that is tailored for Windows malware, and which encourages cybersecurity practitioners in their never-ending fight against cyber threat actors. |
| 650 ## - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name entry element | UG BEIS |
| 9 (RLIN) | 124639 |
| 651 ## - SUBJECT ADDED ENTRY--GEOGRAPHIC NAME | |
| Geographic name | BEIS-01 |
| 9 (RLIN) | 124643 |
| 700 ## - ADDED ENTRY--PERSONAL NAME | |
| Personal name | Supervisor Asst Prof Aimen Aakif |
| 9 (RLIN) | 124644 |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
| Source of classification or shelving scheme | |
| Koha item type | Project Report |
| Withdrawn status | Lost status | Source of classification or shelving scheme | Damaged status | Not for loan | Permanent Location | Current Location | Shelving location | Date acquired | Total Checkouts | Full call number | Barcode | Date last seen | Price effective from | Koha item type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Military College of Signals (MCS) | Military College of Signals (MCS) | General Stacks | 07/20/2024 | 005.8,SHA | MCSPIS-2 | 07/20/2024 | 07/20/2024 | Project Report |