Automatic Malware Signature Generation

Author: Karin Ask

Abstract: The times when malware researchers could spend weeks analyzing a new piece of malware are long gone. Today new malicious programs are written and distributed at such speed that it just is not possible. Virus scanners are the most common countermeasure against attacks, and they need up-to-date signatures to successfully identify malware. This thesis describes Autosig, a program for automatic generation of signatures. It is based on the fact that malware comes in many different variants, but still share some invariant code. Using statistical data on how often certain byte combinations appear in legitimate files, Autosig extracts a substring from this code to generate a signature. Signatures are tested, and those that fail to pass all tests are discarded. By remembering discarded signatures, Autosig learns which to avoid. The technique has turned out to be successful in time-consuming routine cases, leaving human analysts more time for working on complicated cases. It is also helpful in replacing overlapping and redundant signatures, leading to a smaller signature database.
