Malware detection in endpoint events

Use knowledge of malware and threats to build software that detects unknown threats.

Keywords

Endpoint security, anomaly detection, rule-based detection, malware analytics

Context:

  • Expected duration of thesis: 3-6 months
  • Level: HBO / BSc
  • Profile: Programming education with a strong interest in security. Experience with Python is highly recommended.
  • Compensation: 500 euro/month

Thesis goal

Fox-IT has developed an endpoint security solution that prevents malware execution. In addition, the software logs large volumes of events from the endpoints. The goal of this project is to use knowledge of malware and threats to build software that detects unknown threats in the endpoint events generated by Fox-IT’s endpoint security solution.

Activities

The suggested project outline is as follows:

  • Research typical malware characteristics and define methods to detect malware using rules. These will probably cover behaviours such as the creation of registry keys, writes to NTFS alternate data streams and process injection.
  • Build software to run these rules offline on a dataset of events. Test and document the results.
  • Research typical malware characteristics and define methods to detect malware using a statistical approach. These will probably include measures such as the rarity of a process on a single system, or the rarity of a registry write across the whole population of endpoints.
  • Extend the software to also run the statistical detection methods. Test and document the results.
  • If the software runs successfully on the static dataset, extend it to detect suspicious events in real time on the management server.
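A minimal end-to-end sketch of the first four steps in Python, added here as an illustration and not Fox-IT's code: three rules of the kind listed above (a write under a Run key, a write to an NTFS alternate data stream, and a handle to another process opened with rights that code injection needs) and two rarity measures (how often a process starts on one host, and on what fraction of all hosts a process or a registry write is seen) run offline over a constructed set of events. The event schema and field names, the sample telemetry, the choice of access rights as an injection signal and the thresholds are all assumptions for this example.

```python
"""Offline rule-based and rarity-based detection over endpoint events.

Added example, not Fox-IT code. The event schema (host, type, process, key,
path, target, access_mask), the sample data and the thresholds are assumed.
"""
import re
from collections import Counter, defaultdict


def _starts(host, process, n):
    """Build n constructed process_start events for one host."""
    return [{"host": host, "type": "process_start", "process": process}
            for _ in range(n)]


# Constructed sample telemetry (not real data): three workstations, one of
# which runs an unknown binary that persists, hides a payload and injects.
EVENTS = (
    _starts("ws01", "explorer.exe", 6) + _starts("ws01", "outlook.exe", 4)
    + _starts("ws01", "winword.exe", 3) + _starts("ws01", "updchk.exe", 1)
    + _starts("ws02", "explorer.exe", 5) + _starts("ws02", "outlook.exe", 4)
    + _starts("ws02", "winword.exe", 2)
    + _starts("ws03", "explorer.exe", 6) + _starts("ws03", "outlook.exe", 2)
    + [
        {"host": "ws01", "type": "registry_set", "process": "updchk.exe",
         "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updchk"},
        {"host": "ws01", "type": "file_write", "process": "updchk.exe",
         "path": r"C:\Users\alice\report.docx:stage2.exe"},
        {"host": "ws01", "type": "process_access", "process": "updchk.exe",
         "target": "explorer.exe", "access_mask": 0x1F0FFF},
        {"host": "ws02", "type": "registry_set", "process": "outlook.exe",
         "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Default"},
        {"host": "ws03", "type": "registry_set", "process": "outlook.exe",
         "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Default"},
    ]
)

# --- Steps 1 and 2: rules derived from known malware behaviour -------------
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# A second colon after the drive letter marks an NTFS alternate data stream.
ADS_PATH = re.compile(r"^[A-Za-z]:\\[^:]+:[^:\\]+$")
PROCESS_CREATE_THREAD = 0x0002   # Windows process access rights that code
PROCESS_VM_WRITE = 0x0020        # injection typically requests together


def rule_run_key(ev):
    return ev["type"] == "registry_set" and bool(RUN_KEY.search(ev["key"]))


def rule_ads_write(ev):
    return ev["type"] == "file_write" and bool(ADS_PATH.match(ev["path"]))


def rule_injection(ev):
    needed = PROCESS_CREATE_THREAD | PROCESS_VM_WRITE
    return (ev["type"] == "process_access" and ev["process"] != ev["target"]
            and ev["access_mask"] & needed == needed)


RULES = {"run_key_persistence": rule_run_key,
         "ads_file_write": rule_ads_write,
         "process_injection": rule_injection}


def run_rules(events):
    """Return (rule_name, host, process) for every event that matches a rule."""
    return [(name, ev["host"], ev["process"])
            for ev in events for name, rule in RULES.items() if rule(ev)]


# --- Steps 3 and 4: rarity on a single host and across the population ------
def rarity_findings(events, host_threshold=0.1, population_threshold=0.5):
    """Flag processes that are rare on their own host, and processes or
    registry writes seen on fewer than population_threshold of all hosts."""
    hosts = {ev["host"] for ev in events}
    per_host = defaultdict(Counter)      # host -> Counter(process -> starts)
    proc_hosts = defaultdict(set)        # process -> hosts it started on
    key_hosts = defaultdict(set)         # registry key -> hosts that wrote it
    for ev in events:
        if ev["type"] == "process_start":
            per_host[ev["host"]][ev["process"]] += 1
            proc_hosts[ev["process"]].add(ev["host"])
        elif ev["type"] == "registry_set":
            key_hosts[ev["key"]].add(ev["host"])

    findings = []
    for host, counter in per_host.items():
        total = sum(counter.values())
        for proc, n in counter.items():
            if n / total < host_threshold:
                findings.append(("rare_process_on_host", host, proc))
    for proc, seen in proc_hosts.items():
        if len(seen) / len(hosts) < population_threshold:
            findings.append(("rare_process_in_population", proc, len(seen)))
    for key, seen in key_hosts.items():
        if len(seen) / len(hosts) < population_threshold:
            findings.append(("rare_registry_write", key, len(seen)))
    return findings


def detect(events):
    """Run both detection layers over a static dataset of events."""
    return {"rules": run_rules(events), "rarity": rarity_findings(events)}


if __name__ == "__main__":
    print(detect(EVENTS))
```

The thresholds are set for this tiny dataset; on real telemetry the per-host frequency would be computed over a baseline window and the population prevalence would exclude hosts that have not yet reported enough events. For the real-time step, the same rule functions can be applied to each event as it arrives, while the counters in rarity_findings are kept as running state on the management server instead of being rebuilt from the full dataset.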

Interested?!

Please share your profile and motivation with us (vacature[at]fox-it.com). For questions, please call Walter Doorduin at 00 31 6 419 01 011.

Contact us

+31 (0) 15 284 79 99

fox@fox-it.com

Delft