Transcriptase–Light: A Polymorphic Virus Construction Kit
Uloženo v:
| Název: | Transcriptase–Light: A Polymorphic Virus Construction Kit |
|---|---|
| Autoři: | Borwankar, Saurabh |
| Zdroj: | Master's Projects |
| Informace o vydavateli: | SJSU ScholarWorks |
| Rok vydání: | 2017 |
| Sbírka: | San José State University: SJSU ScholarWorks |
| Témata: | Polymorphic Computer Virus, Javascript malware, virus construction kit, Information Security |
| Popis: | Many websites use JavaScript to display dynamic and interactive content. Hence, attackers are developing JavaScript–based malware. In this paper, we focus on Transcriptase JavaScript malware. The high–level and dynamic nature of the JavaScript language helps malware writers to create polymorphic and metamorphic malware using obfuscation techniques. These types of malware change their internal structure on each infection, making them difficult to detect with traditional methods. These types of malware can be detected using machine learning methods. This project creates Transcriptase–Light, a new polymorphic construction kit. We perform an experiment with the Transcriptase–Light against a hidden Markov model. Our experiment shows that the HMM based detector failed in detecting Transcriptase–Light. After observing the results, we try to detect malware using the decryption part of Transcriptase–Light. To avoid detection, we generate the polymorphic version of the decryption part. |
| Druh dokumentu: | text |
| Popis souboru: | application/pdf |
| Jazyk: | unknown |
| Relation: | https://scholarworks.sjsu.edu/etd_projects/513; https://scholarworks.sjsu.edu/context/etd_projects/article/1513/viewcontent/borwankar_saurabh.pdf |
| DOI: | 10.31979/etd.um68-q8av |
| Dostupnost: | https://scholarworks.sjsu.edu/etd_projects/513 https://doi.org/10.31979/etd.um68-q8av https://scholarworks.sjsu.edu/context/etd_projects/article/1513/viewcontent/borwankar_saurabh.pdf |
| Přístupové číslo: | edsbas.55CFF902 |
| Databáze: | BASE |
Nájsť tento článok vo Web of Science | Abstrakt: | Many websites use JavaScript to display dynamic and interactive content. Hence, attackers are developing JavaScript–based malware. In this paper, we focus on Transcriptase JavaScript malware. The high–level and dynamic nature of the JavaScript language helps malware writers to create polymorphic and metamorphic malware using obfuscation techniques. These types of malware change their internal structure on each infection, making them difficult to detect with traditional methods. These types of malware can be detected using machine learning methods. This project creates Transcriptase–Light, a new polymorphic construction kit. We perform an experiment with the Transcriptase–Light against a hidden Markov model. Our experiment shows that the HMM based detector failed in detecting Transcriptase–Light. After observing the results, we try to detect malware using the decryption part of Transcriptase–Light. To avoid detection, we generate the polymorphic version of the decryption part. |
|---|---|
| DOI: | 10.31979/etd.um68-q8av |