PROCEEDINGS OF THE 2010 INTERNATIONAL CYBER RESILIENCE CONFERENCE ICR 2010, 23 & 24 August, 2010, The Duxton Hotel, Perth, Western Australia
Abstract
In this paper, we propose a five-step approach to detect obfuscated malware by investigating the structural and behavioural features of API calls. We have developed a fully automated system to disassemble executables and extract API call features from them effectively. Using n-gram statistical analysis of binary content, we are able to classify whether an executable file is malicious or benign. Our experimental results with a dataset of 242 malware samples and 72 benign files show a promising accuracy of 96.5% for the unigram model. We also provide a preliminary analysis of our approach using a support vector machine (SVM); by varying n from 1 to 5, we have analysed performance in terms of accuracy, false positives and false negatives. By applying SVM, we propose to train the classifier and derive an optimum n-gram model for detecting both known and unknown malware efficiently.
Publication date: 2010