NetwIOC: a framework for the automated generation of network-based IOCS for malware information sharing and defence

- Rudman, Lauren Lynne

Title
NetwIOC: a framework for the automated generation of network-based IOCS for malware information sharing and defence
Creator
Rudman, Lauren Lynne
ThesisAdvisor
Irwin, Barry Vivian William
Subject
Malware (Computer software)
Subject
Computer networks Security measures
Subject
Computer security
Subject
Python (Computer program language)
Date
2018
Type
text
Type
Thesis
Type
Masters
Type
MSc
Identifier
http://hdl.handle.net/10962/60639
Identifier
vital:27809
Description
With the substantial number of new malware variants found each day, it is useful to have an efficient way to retrieve Indicators of Compromise (IOCs) from the malware in a format suitable for sharing and detection. In the past, these indicators were manually created after inspection of binary samples and network traffic. The Cuckoo Sandbox, is an existing dynamic malware analysis system which meets the requirements for the proposed framework and was extended by adding a few custom modules. This research explored a way to automate the generation of detailed network-based IOCs in a popular format which can be used for sharing. This was done through careful filtering and analysis of the PCAP hie generated by the sandbox, and placing these values into the correct type of STIX objects using Python, Through several evaluations, analysis of what type of network traffic can be expected for the creation of IOCs was conducted, including a brief ease study that examined the effect of analysis time on the number of IOCs created. Using the automatically generated IOCs to create defence and detection mechanisms for the network was evaluated and proved successful, A proof of concept sharing platform developed for the STIX IOCs is showcased at the end of the research.
Format
162 pages, pdf
Publisher
Rhodes University, Faculty of Science, Computer Science
Language
English
Rights
Rudman, Lauren Lynne
  • Hits: 2853
  • Visitors: 4528
  • Downloads: 1763

Collections

RU Department of Computer Science
Thumbnail File Description Size Format
SOURCE1 Adobe Acrobat PDF 3 MB Adobe Acrobat PDF
  • Disclaimer
  • Privacy
  • Copyright
  • Contact