论文信息 - A Frequency Approach to Creation of Executable File Signatures for their Identification

A Frequency Approach to Creation of Executable File Signatures for their Identification

The paper presents methods of executable file signature creation based on frequency distributions of their informative features to be applied for program identification. Identification here should be understood as a process of file recognition by establishing its coincidence with a particular program. A new approach to creation of the archive of program signatures, both in terms of byte-frequency distribution of a program's binary code, and in terms of frequency distribution of assembler commands in their disassembler codes, is presented. The new method of executable file identification is offered and the results of experiments on their identification using a statistical criterion of φ * -Fisher and analysis of the slope are provided. The proposed method can be used to audit data-storage medium.

[1] Ying-xu. Lai,et al. Unknown Malicious Identification , 2008, World Congress on Engineering.

[2] Peng Li,et al. On Challenges in Evaluating Malware Clustering , 2010, RAID.

[3] Serdar Boztas,et al. A fast randomness test that preserves local detail , 2008 .

[4] Jesse D. Kornblum. Identifying almost identical files using context triggered piecewise hashing , 2006, Digit. Investig..

[5] Irina E. Krivtsova,et al. METHOD OF EXECUTABLE FILTS IDENTIFICATION BY THEIR SIGNATURES , 2016 .