Fingerprinting malicious code through statistical opcode analysis

D. Bilar - ICGeS'07: Third International Conference on Global E-Security, 2007 - cs.uno.edu
Abstract
Analysis of malicious code, 'bad' software like worms, viruses and trojans, is a delicate affair: Pattern matching tends not to be robust because malware variants simply change or rearrange code. Heuristic approaches such as emulation and runtime analysis may take too long if the actionable time window is measured in seconds or minutes. My approach is to find a sweet spot: Structural fingerprints that are statistical in nature, 'fuzzier' metrics between static signatures and dynamic heuristics. One such structural fingerprint is binary opcode frequency distribution. This paper discusses fingerprinting malicious code through statistical analysis of opcode distribution.