
A fast flowgraph based classification system for packed and polymorphic malware on the endhost

Organization: Central Queensland University, Australia

Details

Title : A fast flowgraph based classification system for packed and polymorphic malware on the endhost
Researchers : Cesare, Silvio; Xiang, Yang
Keywords : Malware (Computer software) , TBA. , TBA. , TBA. , System analysis. , Computer security. , Network security -- Malware -- Structural classification -- Unpacking -- Emulation
Organization : Central Queensland University, Australia
Collaborators : -
Year of publication : 2553 (Buddhist Era)
Reference : http://hdl.cqu.edu.au/10018/58566
Source : Cesare, S & Xiang, Y 2010, 'A fast flowgraph based classification system for packed and polymorphic malware on the endhost' in Proceedings - International Conference on Advanced Information Networking and Applications, pp. 721-728, http://dx.doi.org/10.1109/AINA.2010.121
Expertise : -
Relation : 2010 IEEE 24th International Conference on Advanced Information Networking and Applications Workshops (WAINA), 20-23 April 2010, Perth, Western Australia ; in conjunction with QuEST 2010. USA. : IEEE Conference Publishing Services (CPS), 2010. p. 721-728 8 pages Refereed 9780769540191 (online) 9781424467013
Coverage : -
Abstract/Description :

Identifying malicious software provides great benefit for distributed and networked systems. Traditional real-time malware detection has relied on using signatures and string matching. However, string signatures ineffectively deal with polymorphic malware variants. Control flow has been proposed as an alternative signature that can be identified across such variants. This paper proposes a novel classification system to detect polymorphic variants using flowgraphs. We propose using an existing heuristic flowgraph matching algorithm to estimate graph isomorphisms. Moreover, we can determine similarity between programs by identifying the underlying isomorphic flowgraphs. A high similarity between the query program and known malware identifies a variant. To demonstrate the effectiveness and efficiency of our flowgraph based classification, we compare it to alternate algorithms, and evaluate the system using real and synthetic malware. The evaluation shows our system accurately detects real malware, performs efficiently, and is scalable. These performance characteristics enable real-time use on an intermediary node such as an Email gateway, or on the endhost.

Bibliography :
Cesare, Silvio; Xiang, Yang. (2553). A fast flowgraph based classification system for packed and polymorphic malware on the endhost.
    Bangkok : Central Queensland University, Australia.
Cesare, Silvio; Xiang, Yang. 2553. "A fast flowgraph based classification system for packed and polymorphic malware on the endhost".
    Bangkok : Central Queensland University, Australia.
Cesare, Silvio; Xiang, Yang. "A fast flowgraph based classification system for packed and polymorphic malware on the endhost."
    Bangkok : Central Queensland University, Australia, 2553. Print.
Cesare, Silvio; Xiang, Yang. A fast flowgraph based classification system for packed and polymorphic malware on the endhost. Bangkok : Central Queensland University, Australia; 2553.