Thesis Details
Extending the YARA Language (Rozšiřování jazyka YARA)
This thesis focuses on improvements to YARA, a tool used for describing malware patterns and finding those patterns in scanned files. We will add new syntactic features and improve the scanning of behavioral files generated by Cuckoo Sandbox. In adding these features, we will extend the lexical and syntactic rules of the language, introduce a dynamic array type, optimize the bytecode and implement a new command for it. The output of this thesis will be a new version of YARA that simplifies rule writing for malware analysts and aims to improve the scanning performance of behavioral data.
YARA, compiler, Flex, Bison, bytecode, assembler, behavioral analysis, Hyperscan
Malinka Kamil, Mgr., Ph.D. (DITS FIT BUT), member
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT), member
Strnadel Josef, Ing., Ph.D. (DCSY FIT BUT), member
Szőke Igor, Ing., Ph.D. (DCGM FIT BUT), member
@bachelorsthesis{FITBT23242,
  author = "Tom\'{a}\v{s} Kender",
  type = "Bachelor's thesis",
  title = "Roz\v{s}i\v{r}ov\'{a}n\'{i} jazyka YARA",
  school = "Brno University of Technology, Faculty of Information Technology",
  year = 2021,
  location = "Brno, CZ",
  language = "czech",
  url = "https://www.fit.vut.cz/study/thesis/23242/"
}