Optimal position searching for automated malware signature generation

4 Author(s)
Yangseo Choi ; Inf. Security Res. Div., ETRI, Daejeon, South Korea ; Jintae Oh ; Jeonggun Lee ; Jaecheol Ryou

When new malware is found, anti-virus companies generate a signature for it. However, malware analysis and signature generation are time-consuming processes, because malware uses sophisticated anti-reversing and obfuscation techniques. It is therefore very difficult to generate signatures quickly enough to protect against malware at the beginning of its propagation. To overcome this situation, a simple signature should be extracted automatically as soon as possible, before the fully examined signature is generated. For automatic signature generation, the signature extraction position in the malware could also be decided automatically, and the extracted signatures should have low false positives. However, there is not yet enough relevant research on the optimal position for automatic malware signature extraction. In this paper, we have investigated a method of searching for the optimal area in a PE file for automated malware signature generation. We show the results, and the performance of the signatures extracted from the selected area, with real malware. The area search is done with entropy and variance values because they can be used as a measurement of the randomness and uncertainty of each byte stream in malware.
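The entropy and variance measurements named in the abstract can be computed per window of a byte stream, as in this added example, which is not code from the paper. The window size, the entropy band used to pick candidate regions, and the sample buffer are assumptions; the abstract does not state the paper's actual selection rule.

```python
import math
from collections import Counter

def shannon_entropy(window: bytes) -> float:
    """Shannon entropy of a byte window, in bits per byte."""
    n = len(window)
    return 0.0 - sum(c / n * math.log2(c / n) for c in Counter(window).values())

def byte_variance(window: bytes) -> float:
    """Population variance of the byte values in the window."""
    mean = sum(window) / len(window)
    return sum((b - mean) ** 2 for b in window) / len(window)

def profile(data: bytes, size: int = 64, step: int = 64):
    """Return (offset, entropy, variance) for every full window of `data`."""
    rows = []
    for off in range(0, len(data) - size + 1, step):
        w = data[off:off + size]
        rows.append((off, shannon_entropy(w), byte_variance(w)))
    return rows

def candidate_offsets(data: bytes, size: int = 64, step: int = 64,
                      lo: float = 3.0, hi: float = 5.0):
    """Offsets whose entropy lies in [lo, hi].

    Assumption (not the paper's rule): near-zero entropy marks padding that
    many benign files share, and near-maximum entropy marks packed or
    encrypted data that changes per sample, so both are skipped. A 64-byte
    window can reach at most log2(64) = 6 bits per byte.
    """
    return [off for off, h, _ in profile(data, size, step) if lo <= h <= hi]

def build_sample() -> bytes:
    """Constructed buffer: zero padding, code-like bytes, packed-like bytes."""
    opcodes = bytes.fromhex("558bec83c4505152e8ff1533c05dc390")  # 16 distinct values
    padding = bytes(128)
    code_like = opcodes * 8
    packed_like = bytes((167 * i + 13) % 256 for i in range(128))  # no repeats
    return padding + code_like + packed_like

if __name__ == "__main__":
    sample = build_sample()
    for off, h, var in profile(sample):
        print(f"offset={off:4d} entropy={h:.2f} variance={var:10.2f}")
    print("candidate offsets:", candidate_offsets(sample))
```
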

Published in:

Consumer Electronics, 2009. ISCE '09. IEEE 13th International Symposium on

Date of Conference:

25-28 May 2009