Collection and analysis of web-based exploits and malware

dc.contributor.advisor: Jacobson, Michael John
dc.contributor.advisor: Williamson, Carey
dc.contributor.author: Obied, Ahmed Mohamed Abdulla
dc.date.accessioned: 2017-12-18T21:40:41Z
dc.date.available: 2017-12-18T21:40:41Z
dc.date.issued: 2008
dc.description: Bibliography: p. 123-132 [en]
dc.description: Some pages are in colour. [en]
dc.description.abstract: Malicious software in the form of worms, Trojan horses, spyware, and bots has become an effective tool for financial gain. To effectively infect the computers of unsuspecting users with malware, attackers use malicious Web pages. When a user views a malicious Web page using a Web browser, the malicious Web page delivers a Web-based exploit that targets browser vulnerabilities. Successful exploitation of a browser vulnerability can lead to an automatic download and execution of malware on the victim's computer. This thesis presents a honeypot that uses Internet Explorer as bait to identify malicious Web pages, which successfully download and execute malware via Web-based exploits. When the honeypot instructs Internet Explorer to visit a Web page, the honeypot monitors and records process and file creation activities of Internet Explorer and processes spawned by Internet Explorer. The recorded activities are analyzed to find deviations from normal behavior, which indicate successful exploitation. The Web-based exploits delivered by malicious Web pages and the malware downloaded by the exploits are automatically collected by the honeypot after successful exploitations. Additionally, the honeypot constructs an analysis graph to find relationships between different malicious Web pages and identify the Web pages that download the same malware. This thesis also presents an analysis of data collected by the honeypot after processing 33,811 URLs collected from three data sets. Observations and case studies are presented to provide insights about Web-based exploits and malware, malicious Web pages, and the techniques used by attackers to deliver and obfuscate the exploits.
dc.format.extent: xiv, 137 leaves : ill. ; 30 cm. [en]
dc.identifier.citation: Obied, A. M. (2008). Collection and analysis of web-based exploits and malware (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/2097 [en_US]
dc.identifier.doi: http://dx.doi.org/10.11575/PRISM/2097
dc.identifier.uri: http://hdl.handle.net/1880/103098
dc.language.iso: eng
dc.publisher.institution: University of Calgary [en]
dc.publisher.place: Calgary [en]
dc.rights: University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission.
dc.title: Collection and analysis of web-based exploits and malware
dc.type: master thesis
thesis.degree.discipline: Computer Science
thesis.degree.grantor: University of Calgary
thesis.degree.name: Master of Science (MSc)
ucalgary.item.requestcopy: true
ucalgary.thesis.accession: Theses Collection 58.002:Box 1815 520708978
ucalgary.thesis.notes: UARC [en]
ucalgary.thesis.uarcrelease: y [en]
Files
Original bundle
Name: thesis_Obied_2008.pdf
Size: 57.07 MB
Format: Adobe Portable Document Format
Description: Thesis