The aim of this project was to develop an IoC (Indicator of Compromise) detection software, that can be run on multiple platforms or can easily be reimplemented. The software should be capable of processing STIX IoC files, conducting searches and preparing report based on them.
The first chapter details the background and motivation behind the project. In recent years cyber threats have gotten increasingly more complicated and attackers became more organized. Classical software solutions such as signature based virus scanners or IDS tools fail to identify most of these threats. This led to the development of new techniques and heuristics for detecting both malicious software and common attack patterns.
The second chapter details the design process. Both the design and the implementation phases used a classic top down approach. After examining the requirements and defining the functions, the user interface was first sketched. After this the background processes and functions were planned which will implement the functionality present on the user interface.
The third chapter contains the build log. The emphasis here is mostly on the unique solutions implemented in the software, and the difficulties that surfaced during this phase. Details regarding the processing of the STIX file format and its relation to other file formats are also presented here.
The final two chapters contain the evaluation of the finished software and also the possibilities for further improvements.