Thesis Details

Scalable Binary Executable File Similarity

Master's Thesis
Student: Kubov Peter
Academic Year: 2020/2021
Supervisor: Regéciová Dominika, Ing.
Czech title
Škálovatelná podobnost binárních spustitelných souborů
Language
English
Abstract

This work aims to design and implement YaraZilla, a new service that searches for binary file similarities among known malware samples. The study of file similarity has growing potential in malware analysis. A vast amount of new malware consists of polymorphic variations of existing malware, created to deceive anti-malware detection. The newly created service is designed to apply various binary file similarity techniques at multiple levels of binary code abstraction: instructions, basic blocks, and functions. The service is designed to process immense numbers of files supplied by Avast systems. The result of this work is a service that presents malware analysts at Avast with a comprehensive report on malware similarity. In addition, the results of the service can be integrated into existing services and provide a foundation for new tools.

Keywords

Avast, malware, malware family, reverse engineering, binary file similarity, scalable service.

Department
Degree Programme
Information Technology and Artificial Intelligence, Specialization High Performance Computing
Files
Reason for publication postponement

In accordance with the provision of § 47b par. 4 of Act no. 111/1998, on universities and on the change and supplementing of other laws (Higher Education Act), as amended, the publication of the diploma thesis is delayed by 3 years. The reason for the delay is the protection of intellectual property and the fact that the thesis contains a business secret within the meaning of the relevant provisions of Act no. 89/2012 Coll., Civil Code.

Status
defended, grade C
Date
22 June 2021
Reviewer
Committee
Sekanina Lukáš, prof. Ing., Ph.D. (DCSY FIT BUT), chair
Bidlo Michal, doc. Ing., Ph.D. (DCSY FIT BUT), member
Češka Milan, prof. RNDr., CSc. (DITS FIT BUT), member
Jaroš Jiří, doc. Ing., Ph.D. (DCSY FIT BUT), member
Martínek Tomáš, doc. Ing., Ph.D. (DCSY FIT BUT), member
Orság Filip, Ing., Ph.D. (DITS FIT BUT), member
Citation
KUBOV, Peter. Scalable Binary Executable File Similarity. Brno, 2021. Master's Thesis. Brno University of Technology, Faculty of Information Technology. 2021-06-22. Supervised by Regéciová Dominika. Available from: https://www.fit.vut.cz/study/thesis/23736/
BibTeX
@mastersthesis{FITMT23736,
    author = "Peter Kubov",
    type = "Master's thesis",
    title = "Scalable Binary Executable File Similarity",
    school = "Brno University of Technology, Faculty of Information Technology",
    year = 2021,
    location = "Brno, CZ",
    language = "english",
    url = "https://www.fit.vut.cz/study/thesis/23736/"
}