A Technique for Detection of Bots Which Are Using Polymorphic Code

A new technique is proposed for detecting botnets whose bots use polymorphic code. Detection is performed by a multi-agent system of antivirus agents that contain sensors. To detect such botnets, the levels of polymorphism were investigated and models of them were built. A new sensor for polymorphic code detection was developed within the antivirus agent of the multi-agent system. The sensor performs provocative actions against a probably infected file, restarts the suspicious file to detect probably modified code, and performs behavior analysis to detect modified code, based on the principles of the known levels of polymorphism.
