Malware Obfuscation Measuring via Evolutionary Similarity

Cited by: 0
Authors
Li, Jian [1]
Xu, Jun [2]
Xu, Ming [1]
Zhao, HengLi [1]
Zheng, Ning [1]
Affiliations
[1] Hangzhou Dianzi Univ, Inst Comp Applicat Technol, Hangzhou, Peoples R China
[2] Third Res Inst Ministry Publ Secur, Hangzhou, Peoples R China
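Source
2009 FIRST INTERNATIONAL CONFERENCE ON FUTURE INFORMATION NETWORKS | 2009
Keywords
malware; obfuscation; similarity; evolutionary similarity
DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract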
With the prevalence of malware, it is necessary to measure malware obfuscation. We traced the system calls as the dynamic action of malware, and used evolutionary similarity to measure obfuscation. An algorithm, which uses sequence alignment as a way of arranging the sequences to identify similar regions, has been proposed to calculate the similarity. We used real-world malware to test the resilience of our method. Our experiment has shown that our method has strong resilience against common obfuscation technologies.
Pages: 197 / +
Number of pages: 2
Related papers
10 in total
  • [1] Glocal alignment: finding rearrangements during alignment
    Brudno, Michael
    Malde, Sanket
    Poliakov, Alexander
    Do, Chuong B.
    Couronne, Olivier
    Dubchak, Inna
    Batzoglou, Serafim
    [J]. BIOINFORMATICS, 2003, 19 : i54 - i62
  • [2] Semantics-aware malware detection
    Christodorescu, M
    Jha, S
    Seshia, SA
    Song, D
    Bryant, RE
    [J]. 2005 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2005, : 32 - 46
  • [3] Christodorescu M, 2003, USENIX ASSOCIATION PROCEEDINGS OF THE 12TH USENIX SECURITY SYMPOSIUM, P169
  • [4] Collberg C., 1997, A Taxonomy of Obfuscating Transformations
  • [5] Collberg Christian, 2000, 170 U AUCKL DEP COMP, VTechnical Report 2000-03
  • [6] DINABURG A, 2008, 15 ACM C COMP COMM S
  • [7] Gao D., 2005, 8 INT S REC ADV INTR, P63
  • [8] Karim M. E., 2005, P EICAR 2005 C APR M, P167
  • [9] SUNG AH, 2004, 20 ANN COMP SEC APPL, P326
  • [10] WALENSTEIN A, 2006, P DAGST SEM 06301 DU