Optimal position searching for automated malware signature generation

When a new malware is found, anti-virus companies generate a signature for the malware. However, the malware analysis and signature generation are a time consuming process, because malwares utilize the sophisticated anti-reversing and obfuscation techniques. Therefore, it is very difficult to genera...

Full description

Saved in:
Bibliographic Details
Main Authors: Yangseo Choi, Jintae Oh, Jeonggun Lee, Jaecheol Ryou
Format: Conference Proceeding
Language:English
Subjects:
Area measurement
Automation
Computer crime
Computer hacking
Consumer electronics
Entropy
Information security
Linux
malware
position
Protection
signature
Telecommunication traffic
variance
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:When a new malware is found, anti-virus companies generate a signature for the malware. However, the malware analysis and signature generation are a time consuming process, because malwares utilize the sophisticated anti-reversing and obfuscation techniques. Therefore, it is very difficult to generate the signatures quickly enough to protect the malwares at the beginning of their propagations. In order to overcome this situation, a simple signature should be extracted automatically as soon as possible before the fully examined signature is generated. For automatic signature generation, the signature extraction position in the malwares also could be decided automatically and the extracted signatures should have low false positives. However, the relavant researches on the optimal position for automatic malware signature extraction are not enough yet. In this paper, we have investigated a method of searching the optimal area in a PE file for an automated malware signature generation. We show the results and the extracted signature's performance from the selected area with the real malwares. The area searching is done with the entropy and variance values because they can be used as a measurement of the randomness and uncertainty for each byte stream in malwares.
ISSN:0747-668X
2159-1423
DOI:10.1109/ISCE.2009.5156878