Detecting unknown malicious code by applying classification techniques on OpCode patterns

Detecting Malicious Code by Model Checking

The ease of compiling malicious code from source code in higher programming languages has increased the volatility of malicious programs: The first appearance of a new worm in the wild is usually followed by modified versions in quick succession. As demonstrated by Christodorescu and Jha, however, classical detection software relies on static patterns, and is easily outsmarted. In this paper, w...

Unknown Malicious Code Detection – Practical Issues

The recent growth in Internet usage has motivated the creation of new malicious code for various purposes, including information warfare. Today’s signature-based anti-viruses can detect accurately known malicious code but are very limited in detecting new malicious code. New malicious codes are being created every day, and their number is expected to increase in the coming years. Recently, mach...

NewApproach for Detecting Unknown Malicious Executables

Detection of malicious executables that are known beforehand is usually performed using signature-based techniques. These techniques typically rely on the prior explicit knowledge of the malicious executable code, which is in turn is represented by one or more signatures or rules that are stored in a database. The database is frequently updated with new signatures, based on new observations. Th...

Detecting Malicious Code by Exploiting Dependencies of System-call Groups

In this paper we present an elaborated graph-based algorithmic technique for efficient malware detection. More precisely, we utilize the system-call dependency graphs (or, for short ScD graphs), obtained by capturing taint analysis traces and a set of various similarity metrics in order to detect whether an unknown test sample is a malicious or a benign one. For the sake of generalization, we d...

Classification and identification of malicious code based on heuristic techniques utilizing meta languages