Malware Family Identification from Malspam Features

Project Title:

Supervisors:

Dr Iqbal Gondal (SoEITPS), Dr Sally Firmin (SoEITPS)

Contact Person:

Dr Iqbal Gondal Iqbal.gondal@federation.edu.au

Project Brief

Malware is commonly distributed by attaching malicious scripts to unsolicited or targeted emails. Organisations that perform threat intelligence processing on malware often process several hundreds of thousands of malware samples per day. Different malware families have different processing requirements and are split into streams to ensure correct processing. A practical difficulty arises from this need to split the malware samples into family-based processing streams. A common method for malware family identification is to execute each malware sample on a Cuckoo sandbox and to use yara rules to identify the malware family. Given the high volume of malware samples that need to be processed, dynamic analysis using yara rules is too slow. This project calls for the generation of features from emails and the associated malicious attachment and an evaluation of a variety of machine learning techniques in order to identify the malware family.

Explore courses

Course levels

Information for

Admission information

Life at Federation

Before you apply

How to apply

After you apply

Research support

Our research

Engage

Give

Industry

Partnerships

About us

Our vision and strategy

Our structure

Commercial Services

Study

Apply

Research

Engage

About

Malware Family Identification from Malspam Features