Malware Detection via Classifying with Compression

Authors: Tao Gong, Xiaobin Tan, Ming Zhu

DOI: 10.1109/ICISE.2009.726

Abstract: The proliferation of malware has been causing great harm to computer and information systems. Traditional signature-based approaches fail to detect obfuscated and unknown malware. We present a preliminary study on classifying with compression of program instructions for malware detection. The code structure was utilized to compress. The disassembled code is converted to its intermediate representation. We extract the opcodes to form a stream for prediction by partial matching (PPM). The binaries are classified with this statistical algorithm. The experiment shows that our method can efficiently detect malware with high accuracy and a low false positive rate.
