Structural analysis of binary executable headers for malware detection optimization

In the context of the OpenDAVFI project (a fork of the French DAVFI initiative, funded by the French Government, whose goal is a new generation of open antivirus engine), different AV filters have been developed and chained to detect both known and unknown malware very accurately while requiring a very limited number of updates. While most AV software uses various static and dynamic detection techniques, mostly based on the general concept of a (static or heuristic) signature, we have observed that many malware samples do not comply with the Microsoft specifications for the MZ-PE format. In this technical correspondence, we present the structural analysis tests that have been implemented in the DAVFI/OpenDAVFI project. These tests accurately detect malware and therefore greatly reduce the number of samples that have to be analyzed by subsequent modules in our detection chain.
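As an added example, not code from the DAVFI/OpenDAVFI project, the following Python checks a handful of MZ-PE header fields against the rules of the Microsoft PE/COFF specification, in the spirit of the structural tests described above; the particular set of rules and the constructed sample image are assumptions.

```python
import struct

# Added example, not the DAVFI/OpenDAVFI code: structural rules taken from the Microsoft
# PE/COFF specification (rule selection is an assumption); returns violated rule names.
def pe_structural_violations(data: bytes) -> list:
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["dos_header"]
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data):            # PE signature + COFF header must fit
        return ["e_lfanew_out_of_file"]
    v = []
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        v.append("pe_signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    if not 1 <= nsec <= 96:                  # Windows loader limit is 96 sections
        v.append("number_of_sections")
    opt = coff + 20
    if opt_size < 96 or opt + opt_size + 40 * nsec > len(data):
        return v + ["optional_header_size"]  # headers do not fit in the file
    magic = struct.unpack_from("<H", data, opt)[0]
    sec_align, file_align = struct.unpack_from("<II", data, opt + 32)
    hdr_size = struct.unpack_from("<I", data, opt + 60)[0]
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        v.append("optional_magic")
    if not (512 <= file_align <= 0x10000 and file_align & (file_align - 1) == 0):
        v.append("file_alignment")           # power of two between 512 and 64K
    if file_align and hdr_size % file_align:
        v.append("size_of_headers")          # must be rounded up to FileAlignment
    for i in range(nsec):                    # section table follows the optional header
        s = opt + opt_size + 40 * i
        vaddr, raw_size, raw_ptr = struct.unpack_from("<III", data, s + 12)
        if sec_align and vaddr % sec_align:
            v.append(f"section{i}_virtual_address")
        if (file_align and raw_ptr % file_align) or raw_ptr + raw_size > len(data):
            v.append(f"section{i}_raw_data")
    return v

def build_sample(file_align=0x200, sec_align=0x1000, raw_ptr=0x200) -> bytes:
    """Constructed one-section PE32 image for testing; not a real executable."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = (struct.pack("<H", 0x10B).ljust(32, b"\0") + struct.pack("<II", sec_align, file_align)
           + bytes(20) + struct.pack("<I", 0x200)).ljust(0xE0, b"\0")         # SizeOfHeaders
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x100, raw_ptr,
                      0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x100                                          # section payload
```

A sample built with a non-power-of-two FileAlignment or a section whose raw data lies past the end of the file is flagged, while the well-formed sample yields no violations.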