The Detection of File-Less Malware

PhD

The Detection of File-Less Malware

Outline

Traditional malware consists of compiled programs that reside on either the file system or in the boot loader. Significant research has been performed in the detection of traditional malware. File-less malware is a recent development that aims to avoid detection by making use of obfuscated scripts that are often stored in the Windows registry. File-less malware uses techniques that abuse existing operating system utilities and scripting languages. The use of File-less malware techniques are increasing and aim to blur the line between malware and benign programs. File-less malware consists of obfuscated scripts that are de-obfuscated as the script is executed. The aim of this project is to perform dynamic analysis of File-less malware samples, to document the operation of common file-less malware variants and to generate features for detection, and to evaluate machine learning techniques that can be used for the detection of a wide variety of File-less malware.

Supervisory Team

Principal Supervisor: Dr Iqbal Gondal

Co-supervisors:

Joarder Kamruzzaman