The new signature generation method based on an unpacking algorithm and procedure for a packer detection
نویسندگان
چکیده
Recently, a malware is growing rapidly and the number of malware applies various techniques to protect itself from the anti-virus solution detection. The reason of this phenomenon is that a longer resident on an infected host guarantees the more profit. As a result, these many protection techniques are applied to a malware, a representative of those is a Packing. It is not an exaggeration that most of the malware currently is distributed. In other words, a packer is widely used for a malware protection. Therefore analysts must determine whether the malware was packed or not and if the malware is packed, what packer is used, before an analysis of the malware. For these procedures, some packer detection tools were released and used. But, the detection performance is not good and there is some false positive and false negative. Therefore we propose a signature generation method that is based on an unpacking process and algorithm in this paper. And we offer the packer detection experiment result using the proposed packer detection signature generation method.
منابع مشابه
تولید خودکار الگوهای نفوذ جدید با استفاده از طبقهبندهای تک کلاسی و روشهای یادگیری استقرایی
In this paper, we propose an approach for automatic generation of novel intrusion signatures. This approach can be used in the signature-based Network Intrusion Detection Systems (NIDSs) and for the automation of the process of intrusion detection in these systems. In the proposed approach, first, by using several one-class classifiers, the profile of the normal network traffic is established. ...
متن کاملA Study of the Packer Problem and Its Solutions
An increasing percentage of malware programs distributed in the wild are packed by packers, which are programs that transform an input binary’s appearance without affecting its execution semantics, to create new malware variants that can evade signature-based malware detection tools. This paper reports the results of a comprehensive study of the extent of the packer problem based on data collec...
متن کاملA Novel Patch-Based Digital Signature
In this paper a new patch-based digital signature (DS) is proposed. The proposed approach similar to steganography methods hides the secure message in a host image. However, it uses a patch-based key to encode/decode the data like cryptography approaches. Both the host image and key patches are randomly initialized. The proposed approach consists of encoding and decoding algorithms. The encodin...
متن کاملImprovement and parallelization of Snort network intrusion detection mechanism using graphics processing unit
Nowadays, Network Intrusion Detection Systems (NIDS) are widely used to provide full security on computer networks. IDS are categorized into two primary types, including signature-based systems and anomaly-based systems. The former is more commonly used than the latter due to its lower error rate. The core of a signature-based IDS is the pattern matching. This process is inherently a computatio...
متن کاملA novel computational procedure based on league championship algorithm for solving an inverse heat conduction problem
Inverse heat conduction problems, which are one of the most important groups of problems, are often ill-posed and complicated problems, and their optimization process has lots of local extrema. This paper provides a novel computational procedure based on finite differences method and league championship algorithm to solve a one-dimensional inverse heat conduction problem. At the beginning, we u...
متن کامل