The Development and Effectiveness of Malware Vaccination : An Experiment

University essay from Blekinge Tekniska Högskola/Institutionen för datavetenskap; Blekinge Tekniska Högskola/Institutionen för datavetenskap

Author: Lukas Ädel; Oskar Eliasson; [2020]

Keywords: vaccine; data-points; malware;

Abstract: Background. The main problem that our master thesis is trying to reduce is malware infection. One method that can be used to accomplish this goal is based on the fact that most malware does not want to get caught by security programs and are actively trying to avoid them. To not get caught malware can check for the existence of security-related programs and artifacts before executing malicious code and depending on what they find, they will evaluate if the computer is worth infecting. The idea is that by identifying these checks we could "vaccinate" a system with data-points that trigger these checks and trick the malware into believing that a system is protected and skip it. Objectives. This thesis will research common malware evasion techniques to find what data-points malware avoids and develop a vaccine with the found data-points. To test the effectiveness of the vaccine an experiment will be conducted where malware will be executed on different systems to observe their behavior. Methods. The vaccine concept will be tested by gathering data-points with a background review of related works and performing an experiment. In the experiment a virtual machine without protective measures is used as a baseline which can be compared to a virtual machine with the vaccine. It is also interesting to see how a vaccine compares to an antivirus solution and how / if it would cooperate with an antivirus solution, so two more virtual machines are added to the experiment, one with just an antivirus software installed, and a second one with antivirus installed plus the vaccine. On these four systems, a set of malware will be executed and their behavior and activity (Windows API calls) will also be measured and compared. Results. This experiment showed that our vaccine was effective in reducing malware behavior, 70% of the malware did reduce their activity when exposed to the vaccine compared to the baseline. The results also indicate that the vaccine was effective in cooperation with an antivirus program, 85% of the malware did reduce their activity on this virtual machine compared to the baseline. Conclusions. From the results, we can conclude that of our created systems the system that reduced the most malware activity was the system with antivirus plus vaccine. This shows that vaccination can be a viable option for researchers to further study.

  AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)