Machine-implemented method and system for determining whether a to-be-analyzed software is a known malware or a variant of the known malware

Authors: Yu-Sung Wu, Ying-Dar Lin, Yi-Ta Chiang, Yuan-Cheng Lai

Abstract: A machine-implemented method for determining whether a to-be-analyzed software is known malware or variant of the includes steps of: (A) configuring processor to execute software, and obtain system call sequence that corresponds with reference plurality calls made in as result executing software; (B) determine degree similarity between malware; (C) neither nor when determined step not greater than predefined threshold value.
