Windows Malware Analyzer using Dockers (Malware Insight) / Capt Muhammad Osama Shahid, Capt Danyal Munir, Capt Muhammad Ibrahim Janjua, Capt Rizwan Ashfaq.

By: Shahid, Muhammad Osama
Contributor(s): Supervisor Asst Prof Aimen Aakif
Material type: Text
Publisher: MCS, NUST Rawalpindi 2024
Description: xiii, 69 p
Subject(s): UG BEIS | BEIS-01
DDC classification: 005.8,SHA
Contents:
In the current cybersecurity environment, the threat of malware is on the rise, and this highlights the need for effective malware analysis solutions. Various malware analysis solutions exist, but they come with a number of issues, such as high prices, specific configuration requirements, compatibility problems and limited accessibility. To address this situation, our project adopts a Docker-based malware analysis architecture for analyzing Windows malware.

Our project is designed to give the user a friendly, easy-to-use and affordable solution. The objective of the project covers both static and dynamic analysis. The principal features extracted by the static analysis tools are hashes, architecture, file attributes and strings. Dynamic analysis capabilities include monitoring process creation and deletion, file activity, registry manipulation and network traffic, using tools such as Process Monitor.

In the implementation, a function-centric approach is used, meaning that functions are separated by their specific purposes. Python libraries such as pefile and hashlib are used for static feature extraction, whereas Process Monitor is used for dynamic activity monitoring. The reporting mechanism is comprehensive, so that it can give insights about the malware.

The Docker environment improves portability and ease of installation across different environments. Docker containers provide a lightweight and isolated environment in which malware samples can be executed without affecting the host system. Each container operates independently, ensuring that malware cannot spread beyond the container boundaries. Using Docker's isolation and portability, security analysts can perform in-depth analysis of Windows-based malware samples in a controlled and repeatable environment.

The usefulness of the project is underscored by the fact that it can contribute to the democratization of malware analysis, making the analysis process efficient and accessible to a wide audience, which is particularly beneficial for students, small-scale organizations and cybersecurity enthusiasts. In general, this project is a step in the evolution of malware analysis methods through the adoption of a practical, adaptable and cost-efficient approach tailored to Windows malware, one that supports cybersecurity practitioners in their never-ending fight against cyber threat actors.
Holdings:
Item type: Project Report
Current location: Military College of Signals (MCS)
Home library: Military College of Signals (MCS)
Shelving location: General Stacks
Call number: 005.8,SHA
Status: Available
Barcode: MCSPIS-2
Total holds: 0

