The Detection of File-Less Malware


Traditional malware consists of compiled programs that reside on the file system or in the boot loader, and significant research has gone into detecting it. File-less malware is a more recent development that aims to avoid detection by using obfuscated scripts, often stored in the Windows registry rather than on disk. It abuses existing operating system utilities and scripting languages, so its techniques blur the line between malware and benign programs, and their use is increasing. The scripts remain obfuscated at rest and are de-obfuscated only as they execute. The aims of this project are to perform dynamic analysis of file-less malware samples, to document the operation of common file-less malware variants and derive detection features from them, and to evaluate machine learning techniques for detecting a wide variety of file-less malware.
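The feature-generation step described above can be illustrated on the kind of input a detector would see: a script-host command line, as found in a registry autorun value or a process-creation log. The following is an added example, not code from this project; the sample command lines are constructed (the "encoded" one wraps a harmless `Write-Output` call), and the weights in `WEIGHTS` are a hand-set placeholder for the classifier the project proposes to train.

```python
"""Feature extraction for script-host command lines (registry Run values,
process-creation logs) as input to a file-less malware detector.

Added illustration: SAMPLES are constructed, not taken from real malware,
and WEIGHTS stand in for a trained model."""
import base64
import math
import re
from collections import Counter

# Constructed sample inputs (hypothetical, not real registry values).
SAMPLES = {
    "benign_listing": "powershell.exe -NoProfile -Command Get-ChildItem C:\\Users",
    "benign_updater": "C:\\Program Files\\Example\\updater.exe --check",
    # A harmless payload wrapped the way -EncodedCommand expects (UTF-16LE, base64).
    "encoded": "powershell.exe -NoP -W Hidden -Enc "
               + base64.b64encode("Write-Output hello".encode("utf-16-le")).decode(),
}

SCRIPT_HOSTS = ("powershell", "pwsh", "wscript", "cscript")


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded or obfuscated blobs score high."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def decode_encoded_command(cmd: str):
    """Return the UTF-16LE text behind the longest base64 run in cmd, or None.

    This mirrors the de-obfuscation the script host itself performs at run time."""
    runs = re.findall(r"[A-Za-z0-9+/]{20,}={0,2}", cmd)
    for run in sorted(runs, key=len, reverse=True):
        try:
            raw = base64.b64decode(run, validate=True)
            text = raw.decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            continue
        if text.isprintable():
            return text
    return None


def extract_features(cmd: str) -> dict:
    """Static features for one command line; a dynamic-analysis pipeline
    would add run-time features (child processes, network, registry writes)."""
    low = cmd.lower()
    return {
        "length": len(cmd),
        "entropy": round(shannon_entropy(cmd), 3),
        "script_host": any(h in low for h in SCRIPT_HOSTS),
        # PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
        "encoded_flag": bool(re.search(r"(?:^|\s)-e(?:c|n[a-z]*)?\b", low)),
        "hidden_window": bool(re.search(r"(?:^|\s)-w(?:indowstyle)?\s+hidden\b", low)),
        "no_profile": bool(re.search(r"(?:^|\s)-nop(?:rofile)?\b", low)),
        "decoded_payload": decode_encoded_command(cmd),
    }


# Placeholder weights; the project's aim is to learn such weights from
# dynamically analysed samples rather than set them by hand.
WEIGHTS = {"encoded_flag": 3.0, "hidden_window": 2.0, "script_host": 1.0, "no_profile": 0.5}


def suspicion_score(features: dict) -> float:
    score = sum(w for k, w in WEIGHTS.items() if features[k])
    if features["decoded_payload"] is not None:
        score += 2.0          # a decodable blob is strong evidence of an encoded script
    if features["entropy"] > 5.0:
        score += 1.0          # high entropy suggests obfuscation
    return score


def classify(cmd: str, threshold: float = 4.0) -> str:
    return "suspicious" if suspicion_score(extract_features(cmd)) >= threshold else "benign"


if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        feats = extract_features(cmd)
        print(f"{name:15s} {classify(cmd):10s} score={suspicion_score(feats):.1f} "
              f"entropy={feats['entropy']} decoded={feats['decoded_payload']!r}")
```

The static features here are only the first layer; the point of the project's dynamic analysis is that the de-obfuscated content and the behaviour it triggers become observable at execution time, and those observations are what a classifier should be trained on.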

Supervisory Team

Principal Supervisor: Dr Iqbal Gondal

Joarder Kamruzzaman