A. Sulaiman, K. Ramamoorthy, S. Mukkamala, A. Sung
{"title":"Malware examiner using disassembled code (MEDiC)","authors":"A. Sulaiman, K. Ramamoorthy, S. Mukkamala, A. Sung","doi":"10.1109/IAW.2005.1495985","DOIUrl":null,"url":null,"abstract":"Current static malware detection techniques have serious limitations, and sandbox testing also fails to provide a complete solution due to time constraints. In this paper, we present a robust assembly language signature-based malware detection technique, with emphasis on detecting obfuscated (or polymorphic) malware and mutated (or metamorphic) malware. The hypothesis is that all versions of the same malware share a common core signature that is a combination of several features of the code. After a particular malware has been first identified, it can be analyzed to extract the signature, which provides a basis for detecting variants and mutants of the same malware in the future. Given that the technique uses disassembled code, it can be used on any operating system. Encouraging experimental results on a large set of recent malware are presented.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"56 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495985","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12
Abstract
Current static malware detection techniques have serious limitations, and sandbox testing also fails to provide a complete solution due to time constraints. In this paper, we present a robust assembly language signature-based malware detection technique, with emphasis on detecting obfuscated (or polymorphic) malware and mutated (or metamorphic) malware. The hypothesis is that all versions of the same malware share a common core signature that is a combination of several features of the code. After a particular malware has been first identified, it can be analyzed to extract the signature, which provides a basis for detecting variants and mutants of the same malware in the future. Given that the technique uses disassembled code, it can be used on any operating system. Encouraging experimental results on a large set of recent malware are presented.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
