Collection and analysis of web-based exploits and malware
dc.contributor.advisor | Jacobson, Michael John | |
dc.contributor.advisor | Williamson, Carey | |
dc.contributor.author | Obied, Ahmed Mohamed Abdulla | |
dc.date.accessioned | 2017-12-18T21:40:41Z | |
dc.date.available | 2017-12-18T21:40:41Z | |
dc.date.issued | 2008 | |
dc.description | Bibliography: p. 123-132 | en |
dc.description | Some pages are in colour. | en |
dc.description.abstract | Malicious software in the form of worms, Trojan horses, spyware, and bots has become an effective tool for financial gain. To effectively infect the computers of unsuspecting users with malware, attackers use malicious Web pages. When a user views a malicious Web page using a Web browser, the malicious Web page delivers a Web-based exploit that targets browser vulnerabilities. Successful exploitation of a browser vulnerability can lead to an automatic download and execution of malware on the victim's computer. This thesis presents a honeypot that uses Internet Explorer as bait to identify malicious Web pages, which successfully download and execute malware via Web-based exploits. When the honeypot instructs Internet Explorer to visit a Web page, the honeypot monitors and records process and file creation activities of Internet Explorer and processes spawned by Internet Explorer. The recorded activities are analyzed to find deviations from normal behavior, which indicate successful exploitation. The Web-based exploits delivered by malicious Web pages and the malware downloaded by the exploits are automatically collected by the honeypot after successful exploitations. Additionally, the honeypot constructs an analysis graph to find relationships between different malicious Web pages and identify the Web pages that download the same malware. This thesis also presents an analysis of data collected by the honeypot after processing 33,811 URLs collected from three data sets. Observations and case studies are presented to provide insights about Web-based exploits and malware, malicious Web pages, and the techniques used by attackers to deliver and obfuscate the exploits. | |
dc.format.extent | xiv, 137 leaves : ill. ; 30 cm. | en |
dc.identifier.citation | Obied, A. M. (2008). Collection and analysis of web-based exploits and malware (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/2097 | en_US |
dc.identifier.doi | http://dx.doi.org/10.11575/PRISM/2097 | |
dc.identifier.uri | http://hdl.handle.net/1880/103098 | |
dc.language.iso | eng | |
dc.publisher.institution | University of Calgary | en |
dc.publisher.place | Calgary | en |
dc.rights | University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission. | |
dc.title | Collection and analysis of web-based exploits and malware | |
dc.type | master thesis | |
thesis.degree.discipline | Computer Science | |
thesis.degree.grantor | University of Calgary | |
thesis.degree.name | Master of Science (MSc) | |
ucalgary.item.requestcopy | true | |
ucalgary.thesis.accession | Theses Collection 58.002:Box 1815 520708978 | |
ucalgary.thesis.notes | UARC | en |
ucalgary.thesis.uarcrelease | y | en |
Files
Original bundle
- Name: thesis_Obied_2008.pdf
- Size: 57.07 MB
- Format: Adobe Portable Document Format
- Description: Thesis