dc.contributor.advisor: Nisbet, Alastair
dc.contributor.author: Ahmed, Ovais
dc.date.accessioned: 2022-05-02T00:13:28Z
dc.date.available: 2022-05-02T00:13:28Z
dc.date.copyright: 2022
dc.identifier.uri: http://hdl.handle.net/10292/15107
dc.description.abstract: Internet-connected devices have been the subject of cyber threats because of the gain malicious actors can obtain by compromising these systems. Endpoint protection is available on these systems and protects them if a signature is available for the malicious software. The challenge is that if the signature is not available in the endpoint protection, as in the case of zero-day malware, the endpoint will neither detect the threat nor protect the system. The usual process for zero-day malware is file analysis in a sandbox environment for file identification, creation of the signature, and an update of the endpoint database. This process can introduce a delay, and substantial damage may be done to the systems by the time the signature is updated. The research examines abnormal behaviour on a Linux-based operating system and evaluates the method for exploring zero-day malware built for the platform. Malware samples are sourced from available public repositories. The sample files include known malicious and known non-malicious files. The known malicious files have signatures available in the antivirus tool; therefore, the setup removes the relevant signatures for the known malware sample files so that they are treated as zero-day malware. A total of twenty-two malware samples were used to test the zero-day detection method, of which a few were run without signature information on the endpoint antivirus to determine the consistency of the test results. The research examines malware behaviour on the Linux-based system. It monitors processes in two different situations, in which non-malicious and known malware are executed at different intervals. Abnormal process behaviour identifies the malicious file. The second phase of the research explores methods to act on the file after detection. It discusses YARA rules and programmable interface integration across the platform to automate the file quarantine feature. [en_NZ]
dc.language.iso: en [en_NZ]
dc.publisher: Auckland University of Technology
dc.subject: Malware detection [en_NZ]
dc.subject: Anomaly Behaviour [en_NZ]
dc.subject: Linux System [en_NZ]
dc.subject: Zero-day Malware [en_NZ]
dc.title: Behaviour Anomaly on Linux Systems to Detect Zero-day Malware Attacks [en_NZ]
dc.type: Thesis [en_NZ]
thesis.degree.grantor: Auckland University of Technology
thesis.degree.level: Masters Theses
thesis.degree.name: Master of Information Security and Digital Forensics [en_NZ]
dc.rights.accessrights: OpenAccess
dc.date.updated: 2022-04-29T08:35:35Z