Threat Attribution System / Hadia Saif Khan, Maryam Haq Khattak, Syed Ameer Abdullah, Zojaja Arif. (TCC-31 / BETE-56)

Contributor(s): Supervisor Dr. Waleed Bin Shahid
Material type: Text
Publication: MCS, NUST Rawalpindi, 2023
Description: 59 p.
Subject(s): UG EE Project | TCC-31 / BETE-56
DDC classification: 621.382,KHA
Contents:
Over the years, computers have undergone significant improvements, changing from bulky, expensive machines with few capabilities to sleek, powerful, portable devices. According to one survey, nearly 97% of Americans own a personal device. Personal computers and mobile phones are particularly susceptible to cyberattacks because they store private and sensitive information. Malicious software, commonly known as malware, can disrupt an entire network while stealing valuable information, and such attacks frequently go unnoticed. As a result, understanding malware attribution and threat-actor attribution is essential for detecting and evaluating criminal malicious activity.

Malware attribution is the process of mapping a cyberattack to its threat actor: an individual, group, or organization that poses a threat to a computer system or network. Existing attribution systems rely on code similarity in APT malware to analyze Indicators of Compromise (IOC data). With the emergence of polymorphic malware [12], attackers generate new signatures through slight code variations, so code-similarity techniques are ineffective for attribution. Our project's goal is to identify the threat actors behind Windows malware using system event logs and registry files. It uses an anomaly-based approach to identify and classify malware. First, it uses Sysmon to produce Windows operating-system logs, which are then analyzed to separate malicious from benign activity. Second, data registries are a useful source for locating and mitigating threat-actor activity in the environment. A data registry is a centralized database that holds details about user preferences, system setup, application settings, and other crucial information used by an operating system or application. Natural Language Processing algorithms are used for classification. The malware attribution system ensures data integrity and security through timely attribution of the threat-actor group.
Item type: Project Report
Current location: Military College of Signals (MCS)
Home library: Military College of Signals (MCS)
Shelving location: Thesis
Call number: 621.382,KHA
Status: Available
Barcode: MCSPTC-445
Total holds: 0

© 2023 Central Library, National University of Sciences and Technology. All Rights Reserved.