论文信息 - Malware variants identification based on byte frequency

Malware variants identification based on byte frequency

Malware variants refer to all the new malwares manually or automatically produced from any existing malware. However, such simple approach to produce malwares can change signatures of the original malware to confuse and bypass most of popular signature-based anti-malware tools. In this paper we propose a novel byte frequency based detecting model (BFBDM) to deal with the malware variants identification issue. The primary experimental results show that our model is efficient and effective for the identification of malware variants, especially for the manual variant.

Rui Yang | Sheng Yu | Shijie Zhou | Jiaqing Luo | Leyuan Liu

[1] Somesh Jha,et al. A semantics-based approach to malware detection , 2007, POPL '07.

[2] Robert Lyda,et al. Using Entropy Analysis to Find Encrypted and Packed Malware , 2007, IEEE Security & Privacy.

[3] Peter Szor,et al. The Art of Computer Virus Research and Defense , 2005 .

[4] Gran Vía,et al. GRAPHS, ENTROPY AND GRID COMPUTING: AUTOMATIC COMPARISON OF MALWARE , 2008 .

[5] Somesh Jha,et al. Static Analysis of Executables to Detect Malicious Patterns , 2003, USENIX Security Symposium.

[6] Christopher Krügel,et al. Polymorphic Worm Detection Using Structural Information of Executables , 2005, RAID.

[7] Somesh Jha,et al. Semantics-aware malware detection , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).