F.R.F. Broy

Analysing Generational Variances in Malware Families

The evolution of malware presents an ever-growing challenge to cybersecurity, impacting individuals, organisations, and nations alike. As malicious actors continue to adapt their tactics to bypass security measures, it becomes imperative to understand the evolutionary patterns of malware to stay ahead in the ongoing arms race between defenders and attackers. The complexity and sophistication of modern malware pose significant difficulties in detection and mitigation, making it crucial to unravel its evolving nature to enhance the existing defensive capabilities.

This research focuses on studying the evolutionary dynamics of malware, examining how variants emerge to circumvent existing security measures. Understanding the mechanisms through which malware evolves makes it possible to identify common patterns and develop strategies to predict the behaviour of certain malware. This work mainly encompasses Windows ransomware, particularly the Conti family, with an additional examination of the WannaCry and Ryuk families. The analysis was conducted primarily by applying dynamic malware analysis techniques to the samples. A total of 143 true-positive Conti samples, alongside 75 WannaCry and 21 Ryuk samples, were collected from reputable sources such as VX-Underground and MalwareBazaar. By utilising the ANY.RUN interactive sandbox for dynamic behavioural analysis, malware samples can be executed in a controlled environment, and real-time behaviours, such as file modifications or registry changes, can be collected to discern the malware's underlying functionality and potential impact. In addition, the results obtained from VirusTotal, a widely used online malware scanning platform, are considered to gain insight into the detection status of the analysed samples across multiple antivirus engines. Finally, Microsoft Defender Antivirus is utilised to classify the variants and eliminate false positives as far as possible. The tactics and techniques outlined in the MITRE ATT&CK Matrix are used to assess sample behaviour. This framework provides valuable insight into the observed behaviour of samples and the methods employed to achieve specific objectives.

The results answer the question "How do different variants of the malware families succeed in bypassing security measures?" by splitting it into three smaller questions. Overall, it can be observed that different ransomware families share common traits, but differences over time, between variants and between families can be seen. Some differences depend on the version of the operating system on which the malware is executed. Malware evolves, and the changes made by the malware authors are reflected in their malware's behaviour and structure. Some changes persist, whereas others are quickly replaced by new approaches. By understanding this evolution and analysing the patterns that emerge, we can build our defences in a way that anticipates incoming threats and creates a safer space for everyone. ...
Bachelor thesis (2022) - F.R.F. Broy, C. Ji, F.A. Kuipers, M.L. Molenaar

DDoS attacks are becoming more common and more sophisticated. Only recently, in 2017, Google claims to have mitigated an attack that sent 2.54 Tbps of traffic to its servers. In order to prevent such attacks, more and more robust defence mechanisms need to be put in place to withstand the malicious traffic and secure the networks. Programmable data planes allow users to specify which rules the headers of a packet need to follow and what happens when they do not. With this freedom, achieving more secure networks becomes possible. The use of the programming language P4 makes it easy to modify the functionality of the switches and constrain the behaviour of the network in order to reduce the attack surface.

This paper describes certain attacks, such as DoS attacks and SYN-flood attacks, and mitigation techniques for them. The paper lists existing defence techniques and enumerates their advantages and drawbacks. Two proof-of-concept detection and mitigation techniques are implemented in P4, and these implementations are compared to already existing ones. The P4 implementations are provided, together with comparison and performance graphs. ...