Results 1 - 10 of 39

Opcode sequences as representation of executables for data-mining-based unknown malware detection

by Igor Santos, Felix Brezo, Xabier Ugarte-Pedrero, Pablo G. Bringas - Information Sciences 227, 2013
"... Malware can be defined as any type of malicious code that has the potential to harm a computer or network. The volume of malware is growing faster every year and poses a serious global security threat. Consequently, malware detection has become a critical topic in computer security. Currently, signa ..."
Cited by 12 (0 self)
consistently fails to detect new malware. In this paper, we propose a new method to detect unknown malware families. This model is based on the frequency of the appearance of opcode sequences. Furthermore, we describe a technique to mine the relevance of each opcode and assess the frequency of each opcode

Using Opcode Sequences in Single-Class Learning to Detect Unknown Malware

by Igor Santos, Felix Brezo, Borja Sanz, Carlos Laorden, Pablo G. Bringas
"... Malware is any type of malicious code that has the potential to harm a computer or network. The volume of malware is growing at a faster rate every year and poses a serious global security threat. Although signature-based detection is the most widespread method used in commercial antivirus programs, ..."
Cited by 1 (0 self)
single-class learning to detect unknown malware families. This method is based on examining the frequencies of the appearance of opcode sequences to build a machine-learning classifier using only one set of labelled instances within a specific class of either malware or legitimate software. We performed

Unknown Malcode Detection Using OPCODE Representation

by Shlomi Dolev, Yuval Elovici
"... Abstract. The recent growth in network usage has motivated the creation of new malicious code for various purposes, including economic ones. Today’s signature-based anti-viruses are very accurate, but cannot detect new malicious code. Recently, classification algorithms were employed successfully fo ..."
for the detection of unknown malicious code. However, most of the studies use byte sequence n-grams representation of the binary code of the executables. We propose the use of (Operation Code) OpCodes, generated by disassembling the executables. We then use n-grams of the OpCodes as features for the classification

Poster Abstract: Shingled Graph Disassembly: Finding the Undecideable Path

by Richard Wartell, Yan Zhou, Kevin W. Hamlen, Murat Kantarcioglu
"... A probabilistic finite state machine approach to statically disassembling x86 executables is presented. It leverages semantic meanings of opcode sequences to infer similarities between groups of opcode and operand sequences. Preliminary results demonstrate that the technique is more efficient and ef ..."
A probabilistic finite state machine approach to statically disassembling x86 executables is presented. It leverages semantic meanings of opcode sequences to infer similarities between groups of opcode and operand sequences. Preliminary results demonstrate that the technique is more efficient

Detecting Scareware by Mining Variable Length Instruction Sequences

by Raja Khurram Shahzad
"... Abstract—Scareware is a recent type of malicious software that may pose financial and privacy-related threats to novice users. Traditional countermeasures, such as anti-virus software, require regular updates and often lack the capability of detecting novel (unseen) instances. This paper presents a ..."
Cited by 1 (1 self)
scareware detection method that is based on the application of machine learning algorithms to learn patterns in extracted variable length opcode sequences derived from instruction sequences of binary files. The patterns are then used to classify software as legitimate or scareware but they may also reveal

Research Article Malware Analysis Using Visualized Image Matrices

by Kyoungsoo Han, Boojoong Kang, Eul Gyu Im
"... Copyright © 2014 KyoungSoo Han et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. This paper proposes a novel malware visual analysis ..."
analysis method that contains not only a visualization method to convert binary files into images, but also a similarity calculation method between these images. The proposed method generates RGB-colored pixels on image matrices using the opcode sequences extracted from malware samples and calculates

Shingled graph disassembly: Finding the undecideable path

by Richard Wartell, Yan Zhou, Kevin W. Hamlen, Murat Kantarcioglu, 2013
"... A probabilistic finite state machine approach to statically disassembling x86 machine language programs is presented and evaluated. Static disassembly is a crucial prerequisite for software reverse engineering, and has many applications in computer security and binary analysis. The general problem i ..."
Cited by 3 (1 self)
is provably undecidable because of the heavy use of unaligned instruction encodings and dynamically computed control flows in the x86 architecture. Limited work in machine learning and data mining has been undertaken on this subject. This paper shows that semantic meanings of opcode sequences can be leveraged

Sequencer Transforms

by Roger T. Hartley
"... MidiTrans is an application built on a visual language that supports general processing of standard MIDI files. Unlike most software sequencer programs that have a fixed repertoire of transforms, MidiTrans allows any transform to be implemented using the elements of a visual data-flow language. Midi ..."
MidiTrans is an application built on a visual language that supports general processing of standard MIDI files. Unlike most software sequencer programs that have a fixed repertoire of transforms, MidiTrans allows any transform to be implemented using the elements of a visual data-flow language

NOA: AN INFORMATION RETRIEVAL BASED MALWARE DETECTION SYSTEM

by Igor Santos, Xabier Ugarte-Pedrero, Felix Brezo, Pablo G. Bringas
"... Communicated by Deepak Gang Abstract. Malware refers to any type of code written with the intention of harming a computer or network. The quantity of malware being produced is increasing every year and poses a serious global security threat. Hence, malware detection is a critical topic in computer s ..."
Cited by 2 (0 self)
fails to detect obfuscated malware variants. In this paper, a new malware detection system is proposed based on information retrieval. For the representation of executables, the frequency of the appearance of opcode sequences is used. Through this architecture a malware detection system prototype

APPROXIMATE DISASSEMBLY

by Dhivyakrishnan Radhakrishnan, 2009
"... For the past two decades, computer viruses have been a constant security threat. A computer virus is a type of malware that may damage computer systems by destroying data, crashing the system, or through other malicious activity. Among the different types of viruses, metamorphic viruses are one of t ..."
the process impractical. In this project, we develop and demonstrate a technique to derive an approximate opcode sequence directly from the executable file, which, in general, reduces the time required as compared to a standard
Developed at and hosted by The College of Information Sciences and Technology

© 2007-2019 The Pennsylvania State University