Malwise-Malware Classification and Variant Extraction

Journal Title: IOSR Journals (IOSR Journal of Computer Engineering) - Year 2013, Vol 13, Issue 1

Abstract

Malware, short for malicious software, covers a variety of intrusive, hostile or annoying program code. Malware is a pervasive problem in distributed computer and network systems. Malware variants often have distinct byte-level representations while in principle belonging to the same malware family. The byte-level content differs because small changes to the malware source code can produce significantly different compiled object code. In this project we describe malware variants with the umbrella term of polymorphism. We are the first to use the approach of structuring and decompilation to generate malware signatures. We employ both dynamic and static analysis to classify the malware. Entropy analysis first determines whether the binary has undergone a code packing transformation. If it is packed, dynamic analysis employing application-level emulation reveals the hidden code, using entropy analysis to detect when unpacking is complete. Static analysis then identifies characteristics of the unpacked binary, building a signature from the control flow graph of each procedure. The similarities between this set of control flow graphs and those stored in a malware database are accumulated to establish a measure of similarity, and a similarity search is performed on the malware database to find objects similar to the query. Additionally, a more effective approximate flow graph matching algorithm is proposed that uses the decompilation technique of structuring to generate string-based signatures amenable to the string edit distance. We use real and synthetic malware to demonstrate the effectiveness and efficiency of Malwise.
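The abstract describes a four-stage pipeline: entropy analysis to flag packing, entropy monitoring during emulation to decide when unpacking has finished, per-procedure control flow signatures produced by structuring, and accumulation of edit-distance similarities into a database search. The following Python is an added example written for this page, not code from the paper or from the Malwise system. The entropy thresholds, the signature token alphabet (S statement, I{..} if, W{..} while, R return), the per-procedure match cut-off and the length-weighted accumulation rule are all assumptions chosen to illustrate the idea; the byte strings and signatures are constructed sample data, not real malware.

```python
import math
from collections import Counter

# Added illustration of the pipeline sketched in the abstract; not Malwise code.
# Thresholds and the signature grammar below are assumptions, not paper values.

# --- 1. Entropy analysis: does the binary look packed? -----------------------

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (maximum 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

PACKED_THRESHOLD = 7.0  # assumption: common heuristic cut-off for packed/encrypted data

def looks_packed(data: bytes) -> bool:
    return shannon_entropy(data) >= PACKED_THRESHOLD

# --- 2. Unpacking detection during emulation ---------------------------------

def unpacking_complete_at(entropies, window=3, tolerance=0.2):
    """Given the entropy of the writable image sampled while emulating, return
    the first sample index at which entropy has dropped below the packed
    threshold and stayed within `tolerance` for `window` samples, else None."""
    for i in range(len(entropies) - window + 1):
        seg = entropies[i:i + window]
        if max(seg) < PACKED_THRESHOLD and max(seg) - min(seg) <= tolerance:
            return i
    return None

# --- 3. Structured string signatures compared with edit distance --------------

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with unit costs, two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def signature_similarity(a: str, b: str) -> float:
    """1.0 for identical signatures, 0.0 when nothing lines up."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - edit_distance(a, b) / longest

# --- 4. Accumulating per-procedure similarity into a database search ---------

MATCH_THRESHOLD = 0.8  # assumption: per-procedure cut-off for "same procedure"

def binary_similarity(query_procs, db_procs) -> float:
    """Length-weighted fraction of query procedures that have a sufficiently
    similar procedure in one database entry (assumed accumulation rule)."""
    total = sum(len(s) for s in query_procs)
    if total == 0:
        return 0.0
    matched = 0
    for q in query_procs:
        best = max((signature_similarity(q, d) for d in db_procs), default=0.0)
        if best >= MATCH_THRESHOLD:
            matched += len(q)
    return matched / total

def search(query_procs, database):
    """Rank database entries by similarity to the query binary."""
    scores = {name: binary_similarity(query_procs, procs)
              for name, procs in database.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample inputs (not real malware).
SAMPLE_PLAIN = b"mov eax, ebx; push ebp; mov ebp, esp; " * 8      # low entropy
SAMPLE_PACKED = bytes((i * 7919 + 13) % 256 for i in range(512))  # uniform bytes
SAMPLE_TRACE = [7.8, 7.7, 7.6, 5.9, 6.0, 5.95, 5.9]  # entropy after each emulated block
DATABASE = {
    "family_a": ["SW{I{S}{S}S}R", "SSI{W{S}}R", "SR"],
    "family_b": ["W{SSS}I{R}{S}R", "SI{S}R"],
}
QUERY_VARIANT = ["SW{I{S}{SS}S}R", "SSI{W{SS}}R", "SR"]  # family_a with small edits

if __name__ == "__main__":
    print("plain packed?", looks_packed(SAMPLE_PLAIN))
    print("packed packed?", looks_packed(SAMPLE_PACKED))
    print("unpacking complete at sample", unpacking_complete_at(SAMPLE_TRACE))
    print("ranking:", search(QUERY_VARIANT, DATABASE))
```

The variant's procedures differ from family_a by a single inserted statement each, so every one clears the per-procedure cut-off and the binary scores 1.0 against family_a and 0.0 against family_b. A real deployment would also need to handle procedures that the structuring step cannot reduce (irreducible control flow) and to index signatures so that the search does not compare the query against every database entry.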

Authors and Affiliations

P Nikhila


  • EP ID EP151561

How To Cite

P Nikhila (2013). Malwise-Malware Classification and Variant Extraction. IOSR Journals (IOSR Journal of Computer Engineering), 13(1), 61-66. https://europub.co.uk/articles/-A-151561