
SEMA evolution: redefining malware analysis toolchain architecture

(2024)

Files

Oreins_36741800_2024.pdf
  • Open access
  • Adobe PDF
  • 1.35 MB

Details

Abstract
Malware is continually evolving, and its ability to evade analysis improves daily. This necessitates the development of new tools and techniques to detect and classify the large volumes of malware emerging every day. In this context, the SEMA Toolchain was created as a research project to apply symbolic execution to malware samples, generating a system call dependency graph that serves as a signature for classification. The aim of this work is to enhance the quality of SEMA, focusing first on maintainability, to create a tool that is easier to use and to sustain in the future. This involved redesigning the architecture and employing various refactoring techniques. Secondly, the work aims to improve performance by increasing execution speed and reducing memory usage, allowing for faster results and the capability to conduct longer experiments. To achieve these improvements, the PyPy3 Just-in-Time compiler was used and memory analyses were conducted to address memory leaks. Performance analysis and testing were carried out to confirm the positive impact of these modifications. These enhancements will better prepare SEMA for the rapid evolution of malware and make it more accessible to a broader audience.