SLIDE 1

From Students… …to Professionals

The Capstone Experience

Project Plan Next Generation Malware Detection, Clustering and Heuristics

Team Proofpoint

Crystal Lewis, Yash Patel, George Zhao, Graham Thomas, Brad Doherty
Department of Computer Science and Engineering, Michigan State University
Spring 2018

SLIDE 2

Functional Specifications

  • Detect and cluster malware
  • Provide a web dashboard for analysts
  • Provide a framework for assigning signatures to new malware

The Capstone Experience Team Proofpoint Project Plan Presentation 2

SLIDE 3

Design Specifications

  • Malware analysis tool
  • Malware aggregator
  • Nodal graph display
  • Malware statistics applets


SLIDE 4

Screen Mockup: Nodal Graph


SLIDE 5

Screen Mockup: Flagged Filtering


SLIDE 6

Screen Mockup: File Analysis


SLIDE 7

Technical Specifications

  • Static analysis module
  • Dynamic analysis decision logic
  • Malware sandboxing
  • Signature information framework
  • Malware aggregator
  • Database
  • Web front end


SLIDE 8

System Architecture


SLIDE 9

System Components

  • Hardware Platforms
    • Proofpoint hardware cluster
    • ESXi hypervisor
    • Ubuntu Linux VMs
  • Software Platforms / Technologies
    • Python, YARA, Cuckoo, ClamAV
    • SQLite, Apache
    • Postman API and Bootstrap library


SLIDE 10

Risks

  • Malware Clustering and Categorization
    • Clustering malware based on file characteristics
    • Research the best way to cluster malware (PE hash or fuzzy hashing)
  • Understanding Dynamic and Static Analysis Tools
    • The tools behave differently and output different formats
    • Running different malware samples and analyzing outputs
  • Scalability and Speed
    • Analyzing variable amounts of malware in an efficient way
    • Properly allocate resources for
  • Signature Generation Framework
    • Provide a way for analysts to easily create the signature of a malware
    • Determine what analysis information is relevant for a signature
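The two risks above that are technical rather than organizational, clustering samples by PE hash or fuzzy hashing and drafting a signature for a cluster, are illustrated by the following Python example. It is added here for this page and is not code from the Proofpoint team, the slides, or any of the listed tools. The input is a constructed static-analysis result for four made-up samples (an import table and a few extracted strings each); the import hash is modelled on the format pefile uses for its imphash, and a Jaccard similarity over the feature set stands in for a real fuzzy hash such as ssdeep or TLSH, which would compare byte content instead. Sample names, thresholds and the rule layout are the example's own choices.

```python
import hashlib
import re
from itertools import combinations

# Constructed static-analysis output for four fake samples (not real malware,
# not project data): import table as "DLL!function" entries plus extracted
# strings. The a-samples share imports but differ in strings; the b-samples
# differ by one extra import.
SAMPLES = {
    "sample_a1": {
        "imports": ["KERNEL32.dll!CreateRemoteThread", "KERNEL32.dll!WriteProcessMemory", "WS2_32.dll!connect"],
        "strings": ["/gate.php", "Mozilla/4.0 (compatible)", "cmd.exe /c", "only-in-a1"],
    },
    "sample_a2": {
        "imports": ["KERNEL32.dll!CreateRemoteThread", "KERNEL32.dll!WriteProcessMemory", "WS2_32.dll!connect"],
        "strings": ["/gate.php", "Mozilla/4.0 (compatible)", "cmd.exe /c", "whoami /all"],
    },
    "sample_b1": {
        "imports": ["ADVAPI32.dll!CryptEncrypt", "KERNEL32.dll!FindFirstFileW", "KERNEL32.dll!DeleteFileW"],
        "strings": ["README_DECRYPT.txt", ".locked", "vssadmin delete shadows /all /quiet"],
    },
    "sample_b2": {
        "imports": ["ADVAPI32.dll!CryptEncrypt", "KERNEL32.dll!FindFirstFileW", "KERNEL32.dll!DeleteFileW", "KERNEL32.dll!GetTickCount"],
        "strings": ["README_DECRYPT.txt", ".locked", "vssadmin delete shadows /all /quiet"],
    },
}


def imphash(imports):
    """Import hash modelled on pefile's get_imphash(): lowercase
    'dll.function' pairs with the library extension stripped, comma-joined,
    MD5. Exact match only, so one added import changes the hash."""
    parts = []
    for entry in imports:
        dll, func = entry.split("!", 1)
        dll = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def features(sample):
    """Feature set used for the similarity measure: imports plus strings."""
    return set(sample["imports"]) | set(sample["strings"])


def jaccard(a, b):
    """Jaccard similarity of two feature sets; a stand-in for a fuzzy hash
    (ssdeep/TLSH would compare byte content instead)."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 0.0


def cluster(samples, threshold=0.8):
    """Single-linkage clustering: two samples share a cluster when their
    imphashes match or their feature-set similarity reaches the threshold.
    Returns clusters as sorted lists of sample names."""
    parent = {name: name for name in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for x, y in combinations(samples, 2):
        same_imphash = imphash(samples[x]["imports"]) == imphash(samples[y]["imports"])
        similar = jaccard(features(samples[x]), features(samples[y])) >= threshold
        if same_imphash or similar:
            parent[find(x)] = find(y)
    groups = {}
    for name in samples:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


def yara_rule(rule_name, members, samples, min_len=6):
    """Draft a YARA rule from the strings shared by every member of a cluster.
    Strings shorter than min_len are dropped as too generic. The draft is a
    starting point for the analyst, not a finished signature."""
    shared = set.intersection(*(set(samples[m]["strings"]) for m in members))
    shared = sorted(s for s in shared if len(s) >= min_len)
    if not shared:
        return None
    lines = [f"rule {rule_name}", "{", "    meta:",
             f'        samples = "{", ".join(members)}"',
             "    strings:"]
    for i, s in enumerate(shared):
        escaped = s.replace("\\", "\\\\").replace('"', '\\"')
        lines.append(f'        $s{i} = "{escaped}"')
    lines += ["    condition:", "        uint16(0) == 0x5A4D and all of them", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    for i, members in enumerate(cluster(SAMPLES)):
        print(f"cluster {i}: {members}")
        print(yara_rule(f"cluster_{i}", members, SAMPLES) or "(no shared strings)")
```

On this data the a-samples cluster only because their imphashes match (their feature similarity is 0.75, below the threshold), while the b-samples cluster only through similarity (the extra import changes the imphash). That is the trade-off the risk slide points at: an exact PE hash is cheap and precise but brittle, a fuzzy measure absorbs small variations but needs a threshold tuned per corpus. The generated rule should be treated as a draft: before it is deployed, run it against a clean-file corpus to check for false positives, since strings such as a user-agent can appear in benign software.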


SLIDE 11

Questions?
