Control Flow-Based Malware Variant Detection

Authors: Silvio Cesare, Yang Xiang, Wanlei Zhou

DOI: 10.1109/TDSC.2013.40

Keywords:

Abstract: Static detection of malware variants plays an important role in system security, and control flow has been shown to be an effective characteristic for representing polymorphic malware. In our research, we propose a similarity search of malware to detect these variants using novel distance metrics. We describe a malware signature by the set of control flowgraphs the malware contains. We use a distance metric based on the distance between feature vectors of string-based signatures. The feature vector is a decomposition of the set of graphs into either fixed-size k-subgraphs or q-gram strings of the high-level source after decompilation. We use this distance metric to perform pre-filtering. We also propose a more effective but less computationally efficient distance metric based on the minimum matching distance. The minimum matching distance uses the string edit distances between programs' decompiled flowgraphs and the linear sum assignment problem to construct a minimum sum weight matching between two sets of graphs. We implement the distance metrics in a complete malware variant detection system. The evaluation shows that our approach is highly effective in terms of a limited false positive rate, and our system detects more malware variants when compared to the detection rates of other algorithms.
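The two-stage search the abstract describes, as an added worked example that is not the authors' code: a cheap q-gram feature-vector distance for pre-filtering, then a minimum matching distance over the surviving candidates that pairs the flowgraphs of two programs by normalised string edit distance and solves the assignment problem. Everything here is an assumption for illustration: the flowgraph strings are a constructed toy encoding of structured control flow (not real decompiler output), the three sample programs are constructed and are not real malware, the normalised L1 vector distance and the padding of unequal-size sets with empty strings are this example's choices, and the assignment is solved by brute force over permutations rather than the Hungarian algorithm the paper's linear sum assignment step would use in practice.

```python
"""Two-stage malware variant search: q-gram pre-filter, then minimum matching distance.

Each program is modelled as a set of strings, one per decompiled control flowgraph.
The strings are a constructed toy encoding (W = loop, I = if, E = else, R = return,
B = basic block) chosen for this example; they are not the authors' decompiler output.
"""
from collections import Counter
from itertools import permutations
from typing import Dict, Iterable, List, Tuple


def qgrams(s: str, q: int) -> Counter:
    """Count the overlapping length-q substrings of one flowgraph string."""
    if len(s) < q:
        return Counter({s: 1})
    return Counter(s[i:i + q] for i in range(len(s) - q + 1))


def feature_vector(graphs: Iterable[str], q: int = 3) -> Counter:
    """Feature vector of a program: summed q-gram counts over all its flowgraphs."""
    vec: Counter = Counter()
    for g in graphs:
        vec.update(qgrams(g, q))
    return vec


def prefilter_distance(a: Iterable[str], b: Iterable[str], q: int = 3) -> float:
    """Cheap vector distance for pre-filtering (this example's choice: normalised L1).

    Returns 0.0 for identical q-gram vectors and 1.0 for vectors with no gram in common.
    """
    va, vb = feature_vector(a, q), feature_vector(b, q)
    l1 = sum(abs(va[k] - vb[k]) for k in set(va) | set(vb))
    total = sum(va.values()) + sum(vb.values())
    return l1 / total if total else 0.0


def edit_distance(s: str, t: str) -> int:
    """Levenshtein distance via the classic dynamic-programming table (one row kept)."""
    prev = list(range(len(t) + 1))
    for i, cs in enumerate(s, 1):
        cur = [i]
        for j, ct in enumerate(t, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (cs != ct)))
        prev = cur
    return prev[-1]


def normalised_edit_distance(s: str, t: str) -> float:
    """Edit distance scaled to [0, 1] by the longer string's length."""
    m = max(len(s), len(t))
    return edit_distance(s, t) / m if m else 0.0


def minimum_matching_distance(a: List[str], b: List[str]) -> float:
    """Minimum-weight perfect matching between two flowgraph sets, scaled to [0, 1].

    The paper solves this as a linear sum assignment problem; this example brute-forces
    the assignment over permutations (use the Hungarian algorithm, e.g.
    scipy.optimize.linear_sum_assignment, for real set sizes). Unequal sets are padded
    with empty strings so every unmatched graph costs 1.0, its full normalised length.
    """
    n = max(len(a), len(b))
    if n == 0:
        return 0.0
    a = list(a) + [""] * (n - len(a))
    b = list(b) + [""] * (n - len(b))
    cost = [[normalised_edit_distance(x, y) for y in b] for x in a]
    best = min(sum(cost[i][p[i]] for i in range(n)) for p in permutations(range(n)))
    return best / n


def search(query: List[str], database: Dict[str, List[str]],
           prefilter_threshold: float = 0.3, q: int = 3) -> List[Tuple[str, float]]:
    """Two-stage search: discard candidates the cheap distance puts beyond the
    threshold, then rank the survivors by the expensive matching distance."""
    hits = [(name, minimum_matching_distance(query, graphs))
            for name, graphs in database.items()
            if prefilter_distance(query, graphs, q) <= prefilter_threshold]
    return sorted(hits, key=lambda h: h[1])


# Constructed sample programs (not real malware): a family member, a variant with one
# graph slightly rewritten and one extra graph, and an unrelated benign program.
MALWARE = ["W{I{B}E{B}}R", "I{W{B}}R", "B"]
VARIANT = ["W{I{B}E{BB}}R", "I{W{B}}R", "B", "I{R}"]
BENIGN = ["I{R}", "W{W{B}}B", "I{I{I{B}}}R"]
DATABASE = {"malware": MALWARE, "benign": BENIGN}

if __name__ == "__main__":
    for name, graphs in DATABASE.items():
        print(f"{name:8s} prefilter={prefilter_distance(VARIANT, graphs):.3f} "
              f"mmd={minimum_matching_distance(VARIANT, graphs):.3f}")
    print("hits:", search(VARIANT, DATABASE))
```

The pre-filter only has to be cheap and to never reject a true variant; its threshold is therefore set loosely, and the matching distance (quadratic in the number of flowgraphs per pair plus the assignment cost) does the real discrimination on the few candidates that survive.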

References (36)
Rolf Rolles. Unpacking virtualization obfuscators. WOOT'09: Proceedings of the 3rd USENIX Conference on Offensive Technologies, pp. 1-1 (2009).
Akito Monden, Haruaki Tamada, Masahide Nakamura, Ken-ichi Matsumoto, Keiji Okamoto. Dynamic software birthmarks to detect the theft of Windows applications. International Symposium on Future Software Technology 2004 (ISFST 2004) (2004).
Silvio Cesare, Yang Xiang. Classification of malware using structured control flow. AusPDC '10: Proceedings of the Eighth Australasian Symposium on Parallel and Distributed Computing, Volume 107, pp. 61-70 (2010).
Caetano Traina, Agma Traina, Bernhard Seeger, Christos Faloutsos. Slim-Trees: high performance metric trees minimizing overlap between nodes. Extending Database Technology, pp. 51-65 (2000). DOI: 10.1007/3-540-46439-5_4
Mihai Christodorescu, Somesh Jha. Static analysis of executables to detect malicious patterns. USENIX Security Symposium, pp. 12-12 (2003). DOI: 10.21236/ADA449067
Ismael Briones, Aitor Gomez. Graphs, entropy and grid computing: automatic comparison of malware (2008).
Fredrik Valeur, Christopher Kruegel, Giovanni Vigna, William Robertson. Static disassembly of obfuscated binaries. USENIX Security Symposium, pp. 18-18 (2004).
Kent Griffin, Scott Schneider, Xin Hu, Tzi-cker Chiueh. Automatic generation of string signatures for malware detection. Recent Advances in Intrusion Detection, pp. 101-120 (2009). DOI: 10.1007/978-3-642-04342-0_6
R. Baeza-Yates, G. Navarro. Fast approximate string matching in a dictionary. String Processing and Information Retrieval, pp. 14-22 (1998). DOI: 10.1109/SPIRE.1998.712978