Detecting unknown malware using bootlog analysis

Dr. Félegyházi Márk
Department of Networked Systems and Services

Fighting malware infection requires continuous improvement. This thesis is about designing and implementing a new malware detection technique based on bootlog analysis. Detection relies on the computer's behaviour during boot time: the technique looks for anomalies in the bootlog, and if enough indicators are present I flag the computer as infected.
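As an added illustration (not code from the thesis, which does not state its indicator types, log format or threshold here), the following Python sketch shows the general shape of such a bootlog anomaly check: a profile is learned from constructed clean boot logs, a suspect boot is scored by counting indicators (unknown components, missing components, ordering violations, timing outliers), and the machine is flagged once the count reaches an assumed threshold. The log format, the four indicator types, the z-score limit and the threshold are all assumptions of this example.

```python
"""Toy bootlog anomaly scorer (added illustration, not the thesis's own code).

The thesis abstract says only that boot-time behaviour is compared against
expectations and the machine is flagged when enough anomaly indicators
appear. The indicator types, the log format and the threshold below are
this example's own assumptions.
"""
from statistics import mean, pstdev

# Constructed sample bootlogs: "<ms since boot start> <component> <event>".
CLEAN_BOOTS = [
    """0 kernel start
120 disk init
300 net init
450 svc_logon start
600 svc_update start
900 shell start""",
    """0 kernel start
130 disk init
310 net init
470 svc_logon start
620 svc_update start
950 shell start""",
    """0 kernel start
110 disk init
290 net init
440 svc_logon start
590 svc_update start
880 shell start""",
]

# Constructed suspect boot: an unknown driver appears and later stages are slow.
SUSPECT_BOOT = """0 kernel start
125 disk init
305 net init
310 drv_x9 init
460 svc_logon start
3900 svc_update start
4200 shell start"""


def parse(log):
    """Return [(ms, component)] in log order; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[0].isdigit():
            continue
        events.append((int(parts[0]), parts[1]))
    return events


def build_profile(clean_logs):
    """Learn what a clean boot looks like: the components present in every
    clean boot, the pairwise order that held in every clean boot, and the
    mean/stddev of each component's first appearance time."""
    runs = [parse(log) for log in clean_logs]
    components = set.intersection(*(set(c for _, c in r) for r in runs))
    order = None
    for r in runs:
        pos = {c: i for i, (_, c) in enumerate(r)}
        pairs = {(a, b) for a in pos for b in pos if pos[a] < pos[b]}
        order = pairs if order is None else order & pairs
    timing = {}
    for c in components:
        ts = [next(ms for ms, comp in r if comp == c) for r in runs]
        timing[c] = (mean(ts), pstdev(ts))
    return {"components": components, "order": order, "timing": timing}


def indicators(profile, log, z_limit=4.0):
    """Return the list of anomaly indicators found in one boot."""
    events = parse(log)
    seen = {c for _, c in events}
    found = []
    for c in sorted(seen - profile["components"]):
        found.append(f"unknown component: {c}")
    for c in sorted(profile["components"] - seen):
        found.append(f"missing component: {c}")
    pos = {c: i for i, (_, c) in enumerate(events)}
    for a, b in sorted(profile["order"]):
        if a in pos and b in pos and pos[a] > pos[b]:
            found.append(f"order violation: {a} after {b}")
    for ms, c in events:
        if c in profile["timing"]:
            mu, sd = profile["timing"][c]
            sd = max(sd, 1.0)  # floor the stddev so tightly clustered timings don't divide by ~0
            if abs(ms - mu) / sd > z_limit:
                found.append(f"timing anomaly: {c} at {ms}ms (baseline {mu:.0f}ms)")
    return found


def is_infected(profile, log, threshold=2):
    """Flag the boot when the indicator count reaches the threshold (assumed policy)."""
    return len(indicators(profile, log)) >= threshold


if __name__ == "__main__":
    profile = build_profile(CLEAN_BOOTS)
    for ind in indicators(profile, SUSPECT_BOOT):
        print(ind)
    print("infected:", is_infected(profile, SUSPECT_BOOT))
```

The profile is deliberately built from the whole boot rather than from any single program's behaviour, which is the distinction the thesis draws against program-centric approaches; the indicator types and the fixed threshold are the obvious places a real implementation would need tuning against clean-machine variance.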

The dissertation covers the additional background needed and gives some insight into the world of malware infections. I needed to build a dedicated test framework, and I also describe this framework in detail. In the methodology section I point out the problems with the approach of some earlier publications, which are program-centric (for example n-gram based detection built on system call sequences). I also describe my algorithm and test methodology in detail; a proper test methodology is important for obtaining reliable measurements. Finally, I summarise my algorithm's weak points, limits and possibilities for improvement.

