Malicious code (malcode), including self-replicating malware, is a major security threat in networked environments. Timely detection and alerting are essential to prevent malcode from spreading rapidly across a network. Automatic signature generation systems have been used to address malcode, but much work is still required to achieve good detection. Because malcode is characterised by its behaviour, a behaviour-based approach is required for its detection. This thesis proposes a dynamic-analysis technique for malcode detection in which behaviour rules are generated automatically from Indicator of Compromise (IOC) behaviour. The approach is implemented with Weka for clustering, T-Pot for intrusion data collection, Cuckoo Sandbox for malware analysis and OpenIOC for IOC creation. The experimental study highlights the weaknesses of signature-based detection and of static analysis of malcode. Evaluated on the CTU 2016/2017 Malware dataset, the proposed IOCRule approach achieved a detection rate of 87.50% and a false negative rate of 12.50%, whereas signature-based detection on the same dataset achieved a detection rate of 1.18% and a false negative rate of 98.82%. The proposed approach therefore achieves a much higher detection rate and a lower false negative rate than signature-based detection.
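The following Python script is an added illustration of the pipeline the abstract describes and is not the thesis's IOCRule implementation. It derives a behaviour rule from constructed Cuckoo-style behaviour summaries, serialises it as an OpenIOC 1.0 indicator, and scores it against a hash-based signature baseline using the same detection-rate and false-negative-rate definitions. Assumptions: frequency-based IOC selection stands in for the Weka clustering step, the report field names follow Cuckoo's `behavior.summary` block but all values (mutexes, hostnames, paths, hashes) are invented, and the OpenIOC `search` terms are illustrative rather than taken from the thesis.

```python
import xml.etree.ElementTree as ET

# Constructed Cuckoo-style behaviour summaries (key names mirror Cuckoo's
# behavior.summary block; every value below is invented for this example).
RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost32"
TRAINING_MALWARE = [
    {"mutexes": ["Global\\rb_mtx_01"], "dns": ["upd.example-c2.net"],
     "files": ["C:\\Users\\u\\AppData\\Roaming\\svchost32.exe"], "keys": [RUN_KEY]},
    {"mutexes": ["Global\\rb_mtx_01"], "dns": ["upd.example-c2.net", "time.windows.com"],
     "files": ["C:\\Users\\u\\AppData\\Roaming\\svchost32.exe"], "keys": [RUN_KEY]},
    {"mutexes": ["Global\\rb_mtx_01"], "dns": ["upd.example-c2.net"],
     "files": ["C:\\Users\\u\\AppData\\Local\\Temp\\drop.tmp"], "keys": [RUN_KEY]},
]

# Signature baseline: a hash database that only knows the first training sample.
KNOWN_HASHES = {"aa" * 32}

# Constructed test set: all four are malicious. B is a repack of A, C is a
# variant with a new mutex, D is an unrelated family sharing no IOCs.
TEST_MALWARE = [
    {"sha256": "aa" * 32, "mutexes": ["Global\\rb_mtx_01"], "dns": ["upd.example-c2.net"],
     "files": ["C:\\Users\\u\\AppData\\Roaming\\svchost32.exe"], "keys": [RUN_KEY]},
    {"sha256": "bb" * 32, "mutexes": ["Global\\rb_mtx_01"], "dns": ["upd.example-c2.net"],
     "files": ["C:\\Users\\u\\AppData\\Roaming\\winlogon64.exe"], "keys": [RUN_KEY]},
    {"sha256": "cc" * 32, "mutexes": ["Global\\rb_mtx_02"], "dns": ["upd.example-c2.net"],
     "files": ["C:\\Users\\u\\AppData\\Local\\Temp\\drop.tmp"], "keys": [RUN_KEY]},
    {"sha256": "dd" * 32, "mutexes": ["Local\\other"], "dns": ["cdn.example.org"],
     "files": ["C:\\Windows\\Temp\\x.dll"], "keys": []},
]

# Illustrative mapping from Cuckoo summary keys to OpenIOC document/search terms.
IOC_CONTEXT = {
    "mutexes": ("ProcessItem", "ProcessItem/HandleList/Handle/Name"),
    "dns": ("DnsEntryItem", "DnsEntryItem/Host"),
    "files": ("FileItem", "FileItem/FullPath"),
    "keys": ("RegistryItem", "RegistryItem/Path"),
}


def extract_iocs(report):
    """Flatten one behaviour summary into a set of (kind, value) IOCs."""
    return {(k, v) for k in IOC_CONTEXT for v in report.get(k, [])}


def build_rule(reports, min_support=0.66):
    """Keep IOCs seen in at least min_support of the malicious reports.
    (Frequency-based selection standing in for the clustering step.)"""
    counts = {}
    for r in reports:
        for ioc in extract_iocs(r):
            counts[ioc] = counts.get(ioc, 0) + 1
    return {ioc for ioc, c in counts.items() if c / len(reports) >= min_support}


def rule_to_openioc(rule, ioc_id="ioc-rb-0001"):
    """Serialise the rule as an OpenIOC 1.0 document with an OR indicator."""
    root = ET.Element("ioc", {"xmlns": "http://schemas.mandiant.com/2010/ioc", "id": ioc_id})
    ET.SubElement(root, "short_description").text = "Behaviour rule derived from sandbox reports"
    definition = ET.SubElement(root, "definition")
    indicator = ET.SubElement(definition, "Indicator", {"operator": "OR", "id": ioc_id + "-or"})
    for n, (kind, value) in enumerate(sorted(rule)):
        document, search = IOC_CONTEXT[kind]
        item = ET.SubElement(indicator, "IndicatorItem", {"id": f"{ioc_id}-{n}", "condition": "is"})
        ET.SubElement(item, "Context", {"document": document, "search": search, "type": "mir"})
        ET.SubElement(item, "Content", {"type": "string"}).text = value
    return ET.tostring(root, encoding="unicode")


def behaviour_detect(rule, report, min_hits=2):
    """Flag a report when at least min_hits of the rule's IOCs are present."""
    return len(rule & extract_iocs(report)) >= min_hits


def signature_detect(known_hashes, report):
    """Static baseline: exact hash match only."""
    return report.get("sha256") in known_hashes


def evaluate(detect, malicious_samples):
    """Detection rate = TP/(TP+FN); false negative rate = FN/(TP+FN)."""
    tp = sum(1 for s in malicious_samples if detect(s))
    fn = len(malicious_samples) - tp
    return {"tp": tp, "fn": fn, "detection_rate": tp / len(malicious_samples),
            "fn_rate": fn / len(malicious_samples)}


if __name__ == "__main__":
    rule = build_rule(TRAINING_MALWARE)
    print(rule_to_openioc(rule))
    print("behaviour:", evaluate(lambda s: behaviour_detect(rule, s), TEST_MALWARE))
    print("signature:", evaluate(lambda s: signature_detect(KNOWN_HASHES, s), TEST_MALWARE))
```

On this constructed set the behaviour rule catches the original, the repack and the variant (3 of 4) while the hash signature catches only the original (1 of 4), which is the kind of gap the abstract reports; the `min_hits` threshold is the knob that trades false positives against false negatives and should be tuned on benign traffic before deployment.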