Thesis on Behavioral Analysis of Malware

Status: Completed

The thesis describes what constitutes a malware behavior and exploits their inherent hierarchical nature to group seemingly infinite number of behaviors into intent based hierarchical components. These intents are then sub-divided based on the implementation strategy adopted by the malware author. Each of these implementations is composed from a small set of “objects” and “actions”. By means of a controlled experiment, we verified the notion that a relatively small set of “objects” and “actions” can be used to compose a very large number of behaviors. The thesis also brought out an interesting idea of examining component-communication to cripple malware.

Software Research Laboratory

University of Louisiana at Lafayette