Publication Date
2014
Document Type
Thesis
Committee Members
S. Narayanan (Advisor), Mateen Rizki (Advisor), Krishnaprasad Thirunarayan (Committee Member)
Degree Name
Master of Science in Computer Engineering (MSCE)
Abstract
People verbally express themselves in a variety of ways, yet the same patterns consistently appear within the words of a person who is being deceptive. This research provides insight and demonstrates that similar patterns exist within malicious software that do not commonly exist within benign software, and can be used to help determine that the software is malicious or untrustworthy.
The patterns that have been shown to exist within deceptive language were investigated to determine whether similar patterns exist within malware. Tests were performed to determine whether malware is more likely to consistently contain a higher or lower frequency of each instruction, contain unnecessary instructions, lack instructions to match each other, or is more compact and stealthy than benign software. 310 malware files were obtained from VirusShare and 200 viruses were generated by VCL32 (Virus Creation Laboratory) and Mass Code Generator (MPCGEN) to compare against 276 clean Windows 7 application files. The results showed that malware can be differentiated from benign software by searching for patterns within the disassembled code. These patterns will allow stronger protections to be developed and show promise to prevent future systems from being compromised.
Page Count
85
Department or Program
Department of Computer Science and Engineering
Year Degree Awarded
2014
Copyright
Copyright 2014, all rights reserved. This open access ETD is published by Wright State University and OhioLINK.
