Detecting virus mutations via dynamic matching

Authors: Min Feng, Rajiv Gupta

DOI: 10.1109/ICSM.2009.5306329

Keywords:

Abstract: To defeat current commercial antivirus software, virus developers are employing obfuscation techniques to create mutating viruses. The software cannot handle obfuscated viruses well, since its detection methods, based upon static signatures, are not resilient to even slight variations in the code form of a virus. In this paper, we propose a new type of signature, called a dynamic signature, and an algorithm for matching such signatures. Our signature is created from runtime behavior; therefore, a mutation can also be detected using it, as long as the mutation dynamically behaves like the original virus. We discuss issues related to deploying our approach. Experiments on several known viruses show that our method is effective in identifying their mutations.
