Thesis Details
Rozšiřování jazyka YARA
This thesis is focused at improvements for a tool called YARA, which is used for describing malware patterns and finding these patterns in files that are subject for scanning. We will add new syntactic features and improve the scanning process of behavioral files generated by Cuckoo Sandbox. During the process of adding these features, we will extend lexical and syntactic rules of the language, introduce a dynamic array type, optimize bytecode and implement a new command for it. The output of this thesis is going to be a new version of YARA that simplifies rule writing for malware analysts and aims to improve scanning performance of behavioral data.
YARA, compiler, Flex, Bison, bytecode, assembler, behavioral analysis, Hyperscan
The publication of the bachelor's thesis is in accordance with the provision of § 47b par. 4 of the Act no. 111/1998, about universities and about the change and supplementing other laws (Higher Education Act), as amended, delayed by 3 years. The reason for the delay of the publication is the protection of intellectual property and the fact that the thesis contains business secret in the sense of the relevant provisions of the Act no. 89/2012 Coll., Civil Code.
Malinka Kamil, Mgr., Ph.D. (DITS FIT BUT), člen
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT), člen
Strnadel Josef, Ing., Ph.D. (DCSY FIT BUT), člen
Szőke Igor, Ing., Ph.D. (DCGM FIT BUT), člen
@bachelorsthesis{FITBT23242, author = "Tom\'{a}\v{s} Kender", type = "Bachelor's thesis", title = "Roz\v{s}i\v{r}ov\'{a}n\'{i} jazyka YARA", school = "Brno University of Technology, Faculty of Information Technology", year = 2021, location = "Brno, CZ", language = "czech", url = "https://www.fit.vut.cz/study/thesis/23242/" }