A Fast Flowgraph Based Classification System for Packed and Polymorphic Malware on the Endhost

Authors: Silvio Cesare, Yang Xiang

DOI: 10.1109/AINA.2010.121

Keywords: Computer science, Application software, Statistical classification, String searching algorithm, Malware, Blossom algorithm, Graph (abstract data type), Data mining, Network security, Theoretical computer science

Abstract: Identifying malicious software provides great benefit for distributed and networked systems. Traditional real-time malware detection has relied on signatures based on string matching. However, string signatures deal ineffectively with polymorphic malware variants. Control flow has been proposed as an alternative signature that can be identified across such variants. This paper proposes a novel classification system to detect polymorphic malware variants using flowgraphs. We propose using an existing heuristic flowgraph matching algorithm to estimate graph isomorphisms. Moreover, we determine the similarity between programs by identifying the underlying isomorphic flowgraphs. A high similarity between a query program and a known malware sample identifies a variant. To demonstrate the effectiveness and efficiency of our flowgraph-based classification, we compare it to alternate algorithms and evaluate it on real and synthetic malware. The evaluation shows that the system accurately detects malware, performs efficiently, and is scalable. These performance characteristics enable its use at an intermediary node such as an Email gateway, or on the end host.
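The abstract describes the pipeline in outline: extract one control flowgraph per function, test flowgraphs for isomorphism with a heuristic rather than an exact (exponential) algorithm, and score two programs by how many of their flowgraphs match, flagging a variant when the score against a known sample is high. The following is an added example that is not the paper's code: it uses Weisfeiler-Lehman relabelling as a stand-in for the paper's (unnamed here) matching heuristic, a Jaccard index over the multiset of flowgraph fingerprints as the program similarity, and constructed toy flowgraphs, a threshold of 0.5 and the family name "Worm.Sample" as assumptions.

```python
"""Illustrative flowgraph-based variant detection (added example; not the paper's code).

Each program is modelled as a list of per-function control flowgraphs. A
flowgraph is a dict mapping a basic-block id to the list of its successor
block ids. Block ids are arbitrary, so the matcher must ignore them.
"""
import hashlib
from collections import Counter
from typing import Dict, Hashable, List, Optional, Tuple

Flowgraph = Dict[Hashable, List[Hashable]]


def _normalize(g: Flowgraph) -> Flowgraph:
    """Make every block (including successor-only leaves) an explicit key."""
    nodes = set(g) | {s for succs in g.values() for s in succs}
    return {n: list(g.get(n, [])) for n in nodes}


def wl_signature(g: Flowgraph, rounds: int = 3) -> str:
    """Heuristic isomorphism fingerprint by Weisfeiler-Lehman relabelling.

    Stand-in for the paper's matching heuristic (assumption): isomorphic graphs
    always hash equal; non-isomorphic graphs almost always hash different, but
    collisions are possible. That is the price of avoiding an exact test.
    """
    g = _normalize(g)
    indeg = Counter(s for succs in g.values() for s in succs)
    # Round 0: label each block by (in-degree, out-degree) only, never by id.
    labels = {n: f"{indeg[n]}:{len(g[n])}" for n in g}
    for _ in range(rounds):
        new_labels = {}
        for n in g:
            # Fold the sorted successor labels into the block's own label.
            neigh = ",".join(sorted(labels[s] for s in g[n]))
            new_labels[n] = hashlib.sha256(f"{labels[n]}|{neigh}".encode()).hexdigest()[:16]
        labels = new_labels
    # The graph signature is the sorted multiset of final block labels.
    return hashlib.sha256(",".join(sorted(labels.values())).encode()).hexdigest()


def program_similarity(a: List[Flowgraph], b: List[Flowgraph]) -> float:
    """Share of flowgraphs the two programs have in common under the heuristic
    isomorphism test (Jaccard index over the multisets of signatures)."""
    sa, sb = Counter(map(wl_signature, a)), Counter(map(wl_signature, b))
    union = sum((sa | sb).values())
    return sum((sa & sb).values()) / union if union else 0.0


def classify(query: List[Flowgraph], database: Dict[str, List[Flowgraph]],
             threshold: float = 0.5) -> Tuple[Optional[str], float]:
    """Return the most similar known sample, or None if no sample reaches the
    threshold. The threshold value is an assumed tuning knob."""
    name, score = max(((k, program_similarity(query, v)) for k, v in database.items()),
                      key=lambda kv: kv[1])
    return (name, score) if score >= threshold else (None, score)


# Constructed sample flowgraphs (not real malware).
KNOWN_MALWARE: List[Flowgraph] = [
    {0: [1, 2], 1: [3], 2: [3], 3: []},            # if/else then merge
    {0: [1], 1: [2, 3], 2: [1], 3: []},            # loop with exit
    {0: [1], 1: [2], 2: []},                       # straight line
    {0: [1], 1: [2, 3], 2: [4], 3: [4], 4: []},    # entry block then diamond
]
# The same program after a polymorphic rewrite: blocks renumbered (isomorphic
# graphs), and one function replaced by different logic.
VARIANT: List[Flowgraph] = [
    {10: [20, 30], 20: [40], 30: [40], 40: []},
    {7: [8], 8: [9, 5], 9: [8], 5: []},
    {0: [1, 2], 1: [], 2: []},                     # new: branch without merge
    {3: [1], 1: [0, 2], 0: [4], 2: [4], 4: []},
]
BENIGN: List[Flowgraph] = [
    {0: [1], 1: [2], 2: []},                       # shares only the trivial graph
    {0: [1, 2, 3], 1: [], 2: [], 3: []},           # three-way switch
    {0: [1], 1: []},
]
DATABASE = {"Worm.Sample": KNOWN_MALWARE}          # assumed family name

if __name__ == "__main__":
    print("variant:", classify(VARIANT, DATABASE))   # ('Worm.Sample', 0.6)
    print("benign :", classify(BENIGN, DATABASE))    # (None, 0.1666...)
```

The variant scores 3/5 against the known sample because three of its four flowgraphs are isomorphic to known ones despite the renumbered blocks, while the benign program scores only 1/6 through the trivial straight-line function. The caveat a deployer should keep in mind is the one the abstract hints at with "estimate": the fingerprint is a heuristic, so a rare collision between non-isomorphic flowgraphs inflates similarity, and a string-level rewrite of the code inside blocks leaves the score untouched, which is exactly the robustness against polymorphism the approach is after.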

References (23)
Rolf Rolles. Unpacking virtualization obfuscators. WOOT'09: Proceedings of the 3rd USENIX Conference on Offensive Technologies, pp. 1-1 (2009).
Silvio Cesare, Yang Xiang. Classification of malware using structured control flow. AusPDC '10: Proceedings of the Eighth Australasian Symposium on Parallel and Distributed Computing, Volume 107, pp. 61-70 (2010).
Ismael Briones, Aitor Gomez. Graphs, Entropy and Grid Computing: Automatic Comparison of Malware (2008).
Christopher Kruegel, William Robertson, Fredrik Valeur, Giovanni Vigna. Static disassembly of obfuscated binaries. USENIX Security Symposium, pp. 18-18 (2004).
Kent Griffin, Scott Schneider, Xin Hu, Tzi-cker Chiueh. Automatic Generation of String Signatures for Malware Detection. Recent Advances in Intrusion Detection, pp. 101-120 (2009). doi:10.1007/978-3-642-04342-0_6
Debin Gao, Michael K. Reiter, Dawn Song. BinHunt: Automatically Finding Semantic Differences in Binary Programs. International Conference on Information and Communications Security, pp. 238-255 (2008). doi:10.1007/978-3-540-88625-9_16
Gerard Salton, Michael J. McGill. Introduction to Modern Information Retrieval (1983).
Xin Hu, Tzi-cker Chiueh, Kang G. Shin. Large-scale malware indexing using function-call graphs. ACM Conference on Computer and Communications Security, pp. 611-620 (2009). doi:10.1145/1653662.1653736
Lorenzo Martignoni, Mihai Christodorescu, Somesh Jha. OmniUnpack: Fast, Generic, and Safe Unpacking of Malware. Annual Computer Security Applications Conference, pp. 431-441 (2007). doi:10.1109/ACSAC.2007.15