A similarity metric method of obfuscated malware using function-call graph
Abstract
Keywords
References
Borello, J.M., Filiol, E., Me, L.: From the design of a generic metamorphic engine to a black-box classification of antivirus detection techniques. J. Comput. Virol. 6(3), 277–287 (2010)
Borello, J.M., Me, L.: Code obfuscation techniques for metamorphic viruses. J. Comput. Virol. 4(3), 211–220 (2008)
Borello, J.M., Me, L., Filiol, E.: Dynamic malware detection by similarity measures between behavioral profiles. In: Proceedings of the 2011 Conference on Network and Information Systems Security, IEEE (2011)
Bruschi, D., Martignoni, L., Monga, M.: Using code normalization for fighting self-mutating malware. In: Proceedings of International Symposium on Secure Software Engineering Washington, DC (2006)
Carrera, E., Erdelyi, G.: Digital genome mapping-advanced binary malware analysis. In: Proceedings of the 2004 Virus Bulletin Conference, pp. 187–197 (2004)
Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: Proceedings of the 6th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pp. 5–14. ACM, New York (2007)
Fredrikson, M., Jha, S., Christodorescu, M., Sailer, R., Yan, X.F.: Synthesizing near-optimal malware specifications from suspicious behaviors. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 45–60. IEEE (2010)
Gao, X.B., Xiao, B., Tao, D.C.: A survey of graph edit distance. Pattern Anal. Appl. 13(1), 113–129 (2010)
Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. WH Freeman & Co, New York (1979)
Gheorghescu, M.: An automated virus classification system. In: Proceedings of the Virus Bulletin Conference, pp. 294–300 (2005)
Hex-Rays, S.A.: IDA Pro 5.5, http://www.hex-rays.com/products/ida/index.shtml (2010)
Hu, X.: Large-scale malware indexing using function-call graphs. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 611–620. ACM, New York (2009)
Jeong, K., Lee, H.: Code graph for malware detection. In: Proceedings of the International Conference on Information Networking, IEEE, pp. 1–5 (2008)
Kapoor, A., Spurlock, J.: Binary feature extraction and comparison. In: Proceedings of the AVAR 2006, Auckland (2006)
Karnik, A., Goswami, S., Guha, R.: Detecting obfuscated viruses using cosine similarity analysis. In: Proceedings of the First Asia International Conference on Modelling & Simulation (AMS’07), pp. 165–170. IEEE Computer Society, Phuket (2007)
Kaspersky.: Monthly malware statistics: May 2009, http://www.kaspersky.com/news?id=207575832 (2010)
Kinable, J., Kostakis, O.: Malware classification based on call graph clustering. J. Comput. Virol. 7(4), 233–245 (2011)
Kostakis, O.: Improved call graph comparison using simulated annealing. In: Proceedings of the 2011 ACM Symposium on Applied Computing, pp. 1516–1523. ACM, New York (2011)
Kruegel, C., Kirda, E.: Polymorphic worm detection using structural information of executable. In: Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005), pp. 207–226 (2005)
Lakhotia, A., Kumar, E.U., Venable, M.: A method for detecting obfuscated calls in malicious binaries. IEEE Trans. Softw. Eng. 31(27), 955–967 (2005)
Lee, J., Jeong, K., Lee, H.: Detecting metamorphic malwares using code graphs. In: Proceedings of the 2010 ACM Symposium on Applied Computing, pp. 1970–197. ACM, New York (2010)
Li, J., Xu, M., Zheng, N., Xu. : Malware obfuscation detection via maximal patterns. In: Proceedings of the Third International Symposium on Intelligent Information Technology Application, IEEE. pp. 324–328 (2009)
PEiD 0.95, http://www.peid.info/ (2010)
Scanspyware. http://spyware.scanspyware.net/spywareremoval/rootkit.kernelbot.html (2012)
Securelist. http://www.securelist.com/en/descriptions/old79396 (2012)
Shang, S. H., Zhen, N., Xu, J., Xu, M., Zhang, H. P.: Detecting malware variants via function-call graph similarity. In: Proceedings of the 5th Malicious and Unwanted Software, IEEE, pp. 113–120 (2010)
Symantec.: Internet Security Threat Report, Volume 17. Technical report, Symantec Corporation. http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf (2011)
Szor, P.: The Art of Computer Virus Research and Defense, 1st edn. Symantec Press, NJ (2005)
Tabish, S.M., Shafiq, M.Z., Farooq, M.: Limits of static analysis for malware detection. In: Proceedings of the ACSAC, IEEE Computer Society, pp. 421–430 (2007)
Tian, R., Batten, L.M., Versteeg, S.C.: Function length as a tool for malware classification. In: Proceedings of the 3rd Malicious and Unwanted Software (MALWARE), pp. 69–76 (2008)
UPX 3.05, http://upx.sourceforge.net/ (2010)
Viruslistjp. http://www.viruslistjp.com/viruses/encyclopedia/?virusid=20425 (2002)
VX Heavens. http://vx.netlux.org/index.html (2010)