dc.description.abstract |
In the recent past, malware has become a serious cyber security threat that has not only targeted individuals and organizations but has also threatened the cyberspace of countries around the world. Among malware variants, Trojans designed for data espionage and backdoor creation dominate the threat landscape. This necessitates an in-depth study of such malware, with the scope of extracting static features such as APIs, strings, IP addresses, URLs and email addresses, which are by and large found in such malicious code.
In this dissertation, an endeavor has been made, firstly, to establish a set of patterns, tagged as APIs and Strings, that are persistently present in this malware by articulating an analysis framework. The presence of the features in the malware and benign datasets was checked and, after a weight was assigned to each feature, a score was calculated. Then, using the percentile approach, a threshold value was determined for both feature sets (API and Mal String). Secondly, with the feature set and threshold value as parameters, a methodology is proposed to automatically analyse malware designed for data espionage and backdoor creation.
The proposed methodology was tested using a separate dataset of malware and benign applications and, based on common performance attributes, was compared with previous work in the relevant field. |
en_US |