Term of Award
Spring 2025
Degree Name
Master of Science, Information Technology
Document Type and Release Option
Thesis (open access)
Copyright Statement / License for Reuse
Digital Commons@Georgia Southern License
Department
Department of Information Technology
Committee Chair
Lei Chen
Committee Member 1
Christopher Kadlec
Committee Member 2
Atef Mohamed
Abstract
Web applications are becoming prime targets for cyber-attacks, with SQL injection (SQLi) and Cross-Site Scripting (XSS) the most exploited vulnerabilities. The study explores a novel approach using customized payloads to examine the effectiveness of manual and automated techniques of malware detection. This dynamic approach can effectively generate attack payloads and identify the vulnerabilities in a website, thereby strengthening website security measures. This research focuses on dynamic analysis in a controlled environment while testing and analyzing SQL and XSS payloads under varying security conditions. This quantitative analysis involves crafting targeted payloads to bypass Web Application Firewall (WAF) filters and security controls, considering the detection accuracy, response times, false positives and false negatives. Under various security constraints, time-based and error-based SQL injections demonstrated significant effectiveness in detection. Automatic scanning using OWASP ZAP identifies common vulnerabilities but is often ineffective against complex or obfuscated injections. The study's findings show that manual testing depends on the extensive experience and skills of the tester but uses minimal system resources, while automated techniques excel in detection rates and speed, although they produce many false positives and consume more resources. Customized payload-based testing significantly boosts detection accuracy, speed and multiple-payload injection capability, allowing it to effectively bypass advanced security filters despite generating more false positives under strict security conditions. This research underscores the importance of blended approaches combining manual, automated and customized payload-based techniques for detecting advanced malware attacks to enhance web application security.
This integration of custom payload design with manual and automated scanning approaches can improve detection accuracy and accelerate the investigation process to mitigate zero-day vulnerabilities.
OCLC Number
1520571068
Catalog Permalink
https://galileo-georgiasouthern.primo.exlibrisgroup.com/permalink/01GALI_GASOUTH/1r4bu70/alma9916621327702950
Recommended Citation
IEEE
Research Data and Supplementary Material
No