Combinatorial detection of malware by IAT discrimination
| Field | Value |
|---|---|
| Author | Olivier Ferrand, Eric Filiol |
| Year of publication | 2015 |
| Subject | 021110 strategic defence & security studies; Computer science; business.industry; 0211 other engineering and technologies; 02 engineering and technology; computer.file_format; Computer security; computer.software_genre; Cryptovirology; Constant (computer programming); Software; Computational Theory and Mathematics; Hardware and Architecture; Basic block; 0202 electrical engineering, electronic engineering, information engineering; Computer Science (miscellaneous); Table (database); Malware; 020201 artificial intelligence & image processing; False positive rate; Executable; business; computer |
| Source | Journal of Computer Virology and Hacking Techniques. 12:131-136 |
| ISSN | 2263-8733 |
| DOI | 10.1007/s11416-015-0257-8 |
| Abstract | While most of the detection techniques used in modern antivirus software need frequent and constant updates (engines and databases), modern malware attacks are processed and managed efficiently only a few hours after the malware outbreak. This situation is especially concerning when considering targeted attacks, which usually strike targets of high criticality. The aim of this paper is to present a new technique which enables (binary executable) malware to be detected proactively without any prior update of either the engine or the relevant databases. By considering a combinatorial approach that focuses on malware behavior by synthesizing the information contained in the Import Address Table, we have been able to detect unknown malware with a detection probability of 98 % while keeping the false positive rate close to 1 %. This technique has been implemented in the French Antivirus Software Initiative (DAVFI) and has been intensively tested on real cases, confirming the detection performance. |
| Database | OpenAIRE |
| External link | |