Automatic Generation of String Signatures for Malware Detection

Authors: Kent Griffin, Scott Schneider, Xin Hu, Tzi-cker Chiueh

DOI: 10.1007/978-3-642-04342-0_6

Abstract: Scanning files for signatures is a proven technology, but exponential growth in unique malware programs has caused an explosion in signature database sizes. One solution to this problem is to use string signatures, each of which is a contiguous byte sequence that potentially can match many variants of a malware family. However, it is not clear how to automatically generate these string signatures with a sufficiently low false positive rate. Hancock is the first string signature generation system that takes on this challenge on a large scale. To minimize the false positive rate, Hancock features a scalable model that estimates the occurrence probability of arbitrary byte sequences in goodware programs, a set of library code identification techniques, and diversity-based heuristics that ensure the contexts in which a signature is embedded in containing malware files are similar to one another. With these techniques combined, Hancock is able to automatically generate string signatures with a false positive rate below 0.1%.
