Calculating Malware Severity Rating using Threat Tree Analysis
AdvisorDampier, David A.
CommitteeAllen, Edward B.
McGrew, Robert Wesley
Malware analysts and researchers around the world are looking for innovative means of malware detection and classification. However, one concept of malware analysis that lacks focus is the rating of malware based on their feature set and capabilities. Malware severity rating is needed in order to prioritize the utilization of resources towards the analysis of a malware by an organization. This thesis proposes the utilization of threat trees for calculating malware severity using a goal oriented approach. This approach is applied to a set of sophisticated malware to study its contribution towards articulation of a useful severity rating.