Abstract:
Forensic analysis of executables or binary files is the common practice for detecting malware characteristics. Reverse engineering is performed on executables at different levels, such as raw binaries, assembly code, libraries, and function calls, to better analyze and interpret the purpose of malware code segments. In this work, we applied data-mining techniques to correlate multi-level code components (derived from the reverse-engineering process) in order to find unique association rules that identify ransomware families. However, reversing and analyzing code structure do not always reveal the run-time behavior of an executable, so we used a combined approach (static and dynamic) to better unveil the hidden intent of the program. We analyzed 450 ransomware samples, and the experimental results show some important correlations among different code components from our combined analysis.
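As an added example (not the paper's code or data), the rule-mining step the abstract describes, run over a small constructed corpus of multi-level code components with made-up family labels: a rule whose confidence is 1.0 is "unique" to one family, and the corpus is built so that one family is only separable by combining a static component with a dynamic one.

```python
from itertools import combinations
from collections import Counter

# Constructed corpus: (family label, set of multi-level components). The prefix marks
# the analysis level a component came from: "api:" and "lib:" from static reverse
# engineering, "dyn:" from sandbox run-time behaviour. All values are illustrative.
SAMPLES = [
    ("FamA", {"api:CryptEncrypt", "lib:advapi32", "dyn:deletes_shadow_copies", "dyn:writes_ransom_note"}),
    ("FamA", {"api:CryptEncrypt", "lib:advapi32", "dyn:deletes_shadow_copies", "dyn:enumerates_drives"}),
    ("FamB", {"api:CryptEncrypt", "lib:advapi32", "api:RegSetValueEx", "dyn:writes_ransom_note"}),
    ("FamB", {"api:CryptEncrypt", "lib:advapi32", "api:RegSetValueEx", "dyn:enumerates_drives"}),
    ("FamC", {"api:BCryptEncrypt", "lib:bcrypt", "dyn:writes_ransom_note", "dyn:enumerates_drives"}),
    ("FamC", {"api:BCryptEncrypt", "lib:bcrypt", "dyn:deletes_shadow_copies"}),
]


def mine_rules(samples, min_support=0.3, min_confidence=1.0, max_items=2):
    """Mine association rules of the form {components} -> family.

    support    = fraction of all samples that contain the itemset and carry the family label
    confidence = fraction of samples containing the itemset that carry the family label
    A confidence of 1.0 means the itemset never occurs in any other family (a unique rule).
    Returns a list of (itemset, family, support, confidence), strongest rule first.
    """
    n = len(samples)
    items = sorted(set().union(*(feats for _, feats in samples)))
    families = sorted({fam for fam, _ in samples})
    rules = []
    for k in range(1, max_items + 1):
        for itemset in combinations(items, k):
            itemset = frozenset(itemset)
            covered = [fam for fam, feats in samples if itemset <= feats]
            if not covered:
                continue
            counts = Counter(covered)
            for fam in families:
                support = counts[fam] / n
                confidence = counts[fam] / len(covered)
                if support >= min_support and confidence >= min_confidence:
                    rules.append((itemset, fam, support, confidence))
    # Strongest first: higher confidence, then higher support, then the more specific itemset.
    rules.sort(key=lambda r: (-r[3], -r[2], -len(r[0])))
    return rules


def identify_family(features, rules):
    """Label a new sample with the family of the strongest rule whose itemset it contains."""
    for itemset, fam, _, _ in rules:
        if itemset <= features:
            return fam
    return None  # no mined rule fires: the sample stays unlabelled rather than guessed
```

In this corpus FamA has no single-component rule: "api:CryptEncrypt" is shared with FamB and "dyn:deletes_shadow_copies" with FamC, so only the cross-level pair separates it.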
Published in: 2018 IEEE Security and Privacy Workshops (SPW)
Date of Conference: 24-24 May 2018
Date Added to IEEE Xplore: 06 August 2018