Culminating Project Title
GUIDE FOR THE COLLECTION OF INTRUSION DATA FOR MALWARE ANALYSIS AND DETECTION IN THE BUILD AND DEPLOYMENT PHASE
Date of Award
Culminating Project Type
Information Assurance: M.S.
Information Assurance and Information Systems
Herberger School of Business
Jim Q. Chen
Abdullah Abu Hussein
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Keywords and Subject Headings
Artificial Intelligence, Bot, Machine Learning, Phishing, Ransomware, Spyware, Trojans, Virus, Vulnerabilities, Worms
During the COVID-19 pandemic, when most businesses were not equipped for remote work and cloud computing, we saw a significant surge in ransomware attacks. This study aims to use machine learning and artificial intelligence to prevent known and unknown malware threats from being exploited by threat actors when developers build and deploy applications to the cloud. The study used an experimental quantitative research design built around Aqua. The experiment's sample is a Docker image, which Aqua checked for malware, sensitive data, Critical/High vulnerabilities, misconfiguration, and OSS licenses. The data collection approach is experimental. Our analysis of the experiment demonstrated how unapproved images were prevented from running anywhere in our environment based on known vulnerabilities, embedded secrets, OSS licensing, dynamic threat analysis, and secure image configuration. In addition to the experiment, the forensic data collected in the build and deployment phase are Exploitable Vulnerability, Critical/High Vulnerability Score, Misconfiguration, Sensitive Data, and Root User (Super User). Since Aqua generates a detailed audit record for every event during risk assessment and runtime, we examined two events on the Audit page for our experiment. One event raised an alert because two controls failed (Vulnerability Score, Super User); the other was a successful event, meaning the image is secure to deploy in the production environment. The primary finding of our study is the forensic data associated with these two events on the Audit page in Aqua. In addition, Aqua validated our security controls and runtime policies against the forensic data from both events. Finally, the study's conclusions will reduce the likelihood that organizations fall victim to ransomware by mitigating and preventing the total damage caused by a malware attack.
Gassama, Musa, "GUIDE FOR THE COLLECTION OF INTRUSION DATA FOR MALWARE ANALYSIS AND DETECTION IN THE BUILD AND DEPLOYMENT PHASE" (2022). Culminating Projects in Information Assurance. 131.
First and foremost, I thank Allah (S.W.T.) for showering his blessings throughout my master’s thesis. Second, I want to express my deep gratitude to my thesis supervisor Professor Collen Lynn A., for her continuous support of my master’s study and related research. Most importantly, her patience, motivation, and knowledge guided me throughout the research. To Professor Jim Chen, Abu Hussein Abdullah, and Akalanka, thank you for the positive feedback to ensure I complete my research quickly. Everyone significantly influenced my career achievement and encouraged me to study and grow.
Finally, I am incredibly thankful to my parents for their unconditional love, prayers, and sacrifice. My parents have always encouraged me to be a leader and think for myself. My wife deserves special gratitude for understanding and encouraging me to finish my master’s thesis.