Assembly Code Clone Detection for Malware Binaries
Authors
Mohammad Reza Farhadi

Abstract
Malware, such as a virus or trojan horse, refers to software designed specifically to gain unauthorized access to a computer system and perform malicious activities. To analyze a piece of malware, one may employ a reverse engineering approach to perform an in-depth analysis of the malware's assembly code. Yet the reverse engineering process is tedious and time consuming. One way to speed up the analysis is to compare the disassembled malware with previously analyzed malware, identify the similar functions in the assembly code, and transfer the comments from the previously analyzed software to the new malware. The challenge is how to efficiently identify the similar code fragments (i.e., clones) in a large repository of assembly code. In this thesis, an assembly code clone detection system is presented. Its performance is evaluated in terms of accuracy, efficiency, scalability, and feasibility of finding clones in assembly code decompiled from real-life malware binary files and from some DLL files of an operating system. Experimental results suggest that the proposed clone detection algorithm is effective. This system can serve as the basis for future development of assembly code clone detection.
Similar references
Corrigendum to 'OBA2: An Onion approach to Binary code Authorship Attribution' [Digit Investig 11 (2014) S94-S103]
The authors state that Algorithms 1 and 2 (on page 5), together with their explanations, were not correctly cited in the original article. The algorithms are borrowed from the authors' previously published work (a Master's thesis co-supervised by Dr. Mourad Debbabi and Dr. Benjamin Fung). The correct citation for Algorithms 1 and 2 is listed below: Farhadi, MR. Assembly Code Clone Detect...
DyVSoR: dynamic malware detection based on extracting patterns from value sets of registers
To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malware make it difficult for signature-based systems to detect sophisticated malware files. Dynamic analysis of run-time behavior provides a better technique for identifying the threat. In t...
Clone Search for Malicious Code Correlation
With the revolution in information technology, the dependence of the NATO countries on their information systems continues to grow. However, this represents a point of vulnerability, as these systems are exposed to malicious software (malware). Understanding malware to mitigate it requires software reverse engineering, but this is a manually intensive and time-consuming process. The learning cu...
Accurate Comparison of Binary Executables
As the volume of malware inexorably rises, comparison of binary code is of increasing importance to security analysts as a method of automatically classifying new malware samples; purportedly new examples of malware are frequently a simple evolution of existing code, whose differences stem only from a need to avoid detection. This paper presents a polynomial algorithm for calculating the differ...
On the Reverse Engineering of the Citadel Botnet
Citadel is an advanced information-stealing malware that targets financial information. This malware poses a real threat to the confidentiality and integrity of personal and business data. Recently, a joint operation was conducted by the FBI and the Microsoft Digital Crimes Unit in order to take down Citadel command-and-control servers. The operation caused some disruption in the botnet but h...