Malwise-Malware Classification and Variant Extraction

Journal Title: IOSR Journals (IOSR Journal of Computer Engineering) - Year 2013, Vol 13, Issue 1

Abstract

Malware, short for malicious software, covers a variety of forms of intrusive, hostile or annoying program code or software. Malware is a pervasive problem in distributed computer and network systems. Malware variants often have distinct byte-level representations while in principle belonging to the same malware family. The byte-level content differs because small changes to the malware source code can result in significantly different compiled object code. In this project we describe malware variants with the umbrella term of polymorphism. We are the first to use the approach of structuring and decompilation to generate malware signatures. We employ both dynamic and static analysis to classify the malware. Entropy analysis initially determines whether the binary has undergone a code packing transformation. If it is packed, dynamic analysis employing application-level emulation reveals the hidden code, using entropy analysis to detect when unpacking is complete. Static analysis then identifies characteristics, building signatures for the control flow graphs in each procedure. The similarities between the set of control flow graphs and those in a malware database then accumulate to establish a measure of similarity. A similarity search is performed on the malware database to find objects similar to the query. Additionally, a more effective approximate flow graph matching algorithm is proposed that uses the decompilation technique of structuring to generate string-based signatures amenable to the string edit distance. We use real and synthetic malware to demonstrate the effectiveness and efficiency of Malwise.

Authors and Affiliations

P Nikhila

How To Cite

P Nikhila (2013). Malwise-Malware Classification and Variant Extraction. IOSR Journals (IOSR Journal of Computer Engineering), 13(1), 61-66. https://europub.co.uk/articles/-A-151561