Publication Date

2014

Document Type

Thesis

Committee Members

S. Narayanan (Advisor), Mateen Rizki (Advisor), Krishnaprasad Thirunarayan (Committee Member)

Degree Name

Master of Science in Computer Engineering (MSCE)

Abstract

People verbally express themselves in a variety of ways, yet the same patterns consistently appear within the words of a person who is being deceptive. This research provides insight and demonstrates that similar patterns exist within malicious software that do not commonly exist within benign software, and can be used to help determine that the software is malicious or untrustworthy.

The patterns that have been shown to exist within deceptive language were investigated to determine whether similar patterns exist within malware. Tests were performed to determine whether malware is more likely to consistently contain a higher or lower frequency of each instruction, contain unnecessary instructions, lack instructions to match each other, or is more compact and stealthy than benign software. 310 malware files were obtained from VirusShare and 200 viruses were generated by VCL32 (Virus Creation Laboratory) and Mass Code Generator (MPCGEN) to compare against 276 clean Windows 7 application files. The results showed that malware can be differentiated from benign software by searching for patterns within the disassembled code. These patterns will allow stronger protections to be developed and show promise to prevent future systems from being compromised.

Page Count

85

Department or Program

Department of Computer Science and Engineering

Year Degree Awarded

2014


Share

COinS