Berni, Simone
(2020)
Dragonfly: next generation sandbox.
[Master's degree thesis], Università di Bologna, Degree Programme in
Computer Science [LM-DM270]
Abstract
An endless battle between malware and malware analysts is fought every day. Many analysis techniques are deployed, allowing the study of targets in a clean environment. Isolation is commonly provided by sandboxes, but it is not the only way: a new paradigm is emerging, emulation, which allows the study of targets without having to fear that one's own infrastructure can be infected.
Malware is detected and categorized using rules, simple regex queries that describe its behaviour and are matched against the static sample, but thanks to emulation we can move this process a step further: Dragonfly allows deeper and more precise rules that are matched during the emulation of the target, even allowing custom user functions to be executed when a rule is matched, to bring the analysis to its next step.
Document type
Degree thesis
(Master's degree)
Thesis author
Berni, Simone
Thesis supervisor
Thesis co-supervisor
School
Degree programme
Track
Curriculum C: Systems and Networks
Degree programme regulations
DM270
Keywords
Dragonfly, Emulation, Sandbox, Malware Analysis
Thesis defence date
15 July 2020
URI