Encoded Executable File Detection Technique via Executable File Header Analysis

Authors: Yang-seo Choi, Ik-kyun Kim, Jin-tae Oh, Jae-cheol Ryou

DOI:

Keywords:

Abstract: Recently, attack trends have changed from fast and widespread malware propagation attacks to more sophisticated "targeted" attacks such as spy/adware, password stealers, ransomware, botnets, etc., which are carried out via automated malware. In this situation, malware is the most powerful weapon for attackers, so attackers do not want their malware to be revealed by anti-virus analyzers. In order to conceal malware, programmers are increasingly utilizing anti-reverse-engineering techniques such as code changing, packing, encoding and encryption. If a file is packed or encrypted, it is very difficult to analyze. Therefore, to prevent the harmful effects of malware and to generate signatures for detection, encrypted executable codes must first be unpacked, and the first step of unpacking is to detect the encoded files. In this paper, an encoded executable file detection technique based on PE header analysis is proposed. In many cases, in order to pack and unpack the code, encoded files have unusual attributes in their headers. Utilizing these characteristics, a Characteristic Vector (CV) consisting of eight elements is defined, and the Euclidean distance (ED) of the CV is calculated. The calculated EDs represent the base threshold
