Malware Obfuscation Measuring via Evolutionary Similarity

被引：0

作者：

Li, Jian ^{[1
]}

Xu, Jun ^{[2
]}

Xu, Ming ^{[1
]}

Zhao, HengLi ^{[1
]}

Zheng, Ning ^{[1
]}

机构：

[1] Hangzhou Dianzi Univ, Inst Comp Applicat Technol, Hangzhou, Peoples R China

[2] Third Res Inst Ministry Publ Secur, Hangzhou, Peoples R China

来源：

2009 FIRST INTERNATIONAL CONFERENCE ON FUTURE INFORMATION NETWORKS | 2009年

关键词：

malware; obfuscation; similarity; evolutionary similarity;

D O I：

暂无

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

With prevailing of the malware, it is necessary to measure the malware obfuscation. We traced the system calls as the dynamic action of malware, and used evolutionary similarity to measure obfuscation. An algorithm, which uses sequence alignment as a way of arranging the sequences to identify similar regions, has been proposed to calculate the similarity. We used real-world malwares to test the resilience of our method. Our experiment has shown that our method has strong resilience against common obfuscation technologies.

引用

页码：197 / +

页数：2

共 10 条

[1] Glocal alignment: finding rearrangements during alignment
Brudno, Michael
Malde, Sanket
Poliakov, Alexander
Do, Chuong B.
Couronne, Olivier
Dubchak, Inna
Batzoglou, Serafim
[J]. BIOINFORMATICS, 2003, 19 : i54 - i62
[2] Semantics-aware malware detection
Christodorescu, M
Jha, S
Seshia, SA
Song, D
Bryant, RE
[J]. 2005 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2005, : 32 - 46
[3] Christodorescu M, 2003, USENIX ASSOCIATION PROCEEDINGS OF THE 12TH USENIX SECURITY SYMPOSIUM, P169
[4] Collberg C., 1997, A Taxonomy of Obfuscating Transformations
[5] Collberg Christian, 2000, 170 U AUCKL DEP COMP, VTechnical Report 2000-03
[6] DINABURG A, 2008, 15 ACM C COMP COMM S
[7] Gao D., 2005, 8 INT S REC ADV INTR, P63
[8] Karim M. E., 2005, P EICAR 2005 C APR M, P167
[9] SUNG AH, 2004, 20 ANN COMP SEC APPL, P326
[10] WALENSTEIN A, 2006, P DAGST SEM 06301 DU

← 1 →