Opcodes as predictor for malware

被引：179

作者：

Bilar, Daniel ^{[1
]}

机构：

[1] Wellesley Coll, Dept Comp Sci, Wellesley, MA 02181 USA

来源：

INTERNATIONAL JOURNAL OF ELECTRONIC SECURITY AND DIGITAL FORENSICS | 2007年 / 1卷 / 02期

关键词：

x86; opcodes; malware; structural fingerprint; statistical analysis; predictor; executable; frequency;

D O I：

10.1504/IJESDF.2007.016865

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

This paper discusses a detection mechanism for malicious code through statistical analysis of opcode distributions. A total of 67 malware executables were sampled statically disassembled and their statistical opcode frequency distribution compared with the aggregate statistics of 20 non-malicious samples. We find that malware opcode distributions differ statistically significantly from non-malicious software. Furthermore, rare opcodes seem to be a stronger predictor, explaining 12-63% of frequency variation.

引用

页码：156 / 168

页数：13

共 43 条

[1] AccessData Inc, 2005, FOR TOOLK
[2] [Anonymous], 2005, IDA INTERACTIVE DISA
[3] [Anonymous], [No title captured]
[4] Bilar D., 2007, AI COMMUNICATIONS SP
[5] CHINCHANI R, 2005, P INT S REC ADV INTR
[6] Christodorescu M, 2003, USENIX ASSOCIATION PROCEEDINGS OF THE 12TH USENIX SECURITY SYMPOSIUM, P169
[7] Clementi A., 2007, ANTIVIRUS COMP, P7
[8] Commtouch Inc, 2007, MALW REP SERV SID PO
[9] Computer Economics Inc, 2007, 2007 MALW REP EC IMP
[10] Connor-Linton J, 2003, CHI SQUARE TUTORIAL

← 1 2 3 4 5 →