Published in: Journal of Computer Virology and Hacking Techniques 3/2016

01-08-2016 | Short Contribution

Combinatorial detection of malware by IAT discrimination

Authors: Olivier Ferrand, Eric Filiol

Abstract

Most detection techniques used in modern antivirus software need frequent, constant updates of both engines and databases, so a new malware outbreak is handled effectively only a few hours after it starts. This gap is especially concerning for targeted attacks, which usually strike targets of high criticality. This paper presents a new technique that detects (binary executable) malware proactively, without any prior update of either the engine or the relevant databases. Using a combinatorial approach that captures malware behaviour by synthesizing the information contained in the Import Address Table, we were able to detect unknown malware with a detection probability of 98 % while keeping the false positive rate close to 1 %. The technique has been implemented in the French Antivirus Software Initiative (DAVFI) and intensively tested on real cases, confirming its detection performance.
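The combinatorial idea sketched in the abstract, reduced to a runnable toy so the mechanism is visible. This is an added example written for this page, not the authors' DAVFI implementation: it assumes that each binary's imported API names have already been read from its PE import directory by a PE parser, and it uses one simple rule, that a k-combination of imports occurring in at least a minimum number of malware samples but in no clean sample is a signature. The corpora, sample names and API sets below are constructed for illustration, not taken from any real collection.

```python
"""Toy combinatorial discriminator over PE import names.

Added example for this page, not the authors' DAVFI code. It assumes the
imported API names (dll!function) have already been read from each
binary's import directory by a PE parser. Rule demonstrated: a
k-combination of imports that occurs in at least `min_support` malware
samples and in no clean sample is a signature; a sample is flagged when
its own imports contain any such combination.
"""
from collections import Counter
from itertools import combinations
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

Imports = Set[str]
Combo = FrozenSet[str]

# Constructed corpora (illustrative only, not real samples).
CLEAN: Dict[str, Imports] = {
    "editor": {"kernel32!CreateFileW", "kernel32!ReadFile", "kernel32!WriteFile",
               "kernel32!CloseHandle", "user32!MessageBoxW", "user32!CreateWindowExW"},
    "debugger": {"kernel32!OpenProcess", "kernel32!ReadProcessMemory",
                 "kernel32!WriteProcessMemory", "kernel32!DebugActiveProcess",
                 "kernel32!WaitForDebugEvent", "kernel32!CloseHandle"},
    "hook_tool": {"kernel32!OpenProcess", "kernel32!CreateRemoteThread",
                  "kernel32!LoadLibraryW", "kernel32!GetProcAddress", "kernel32!CloseHandle"},
    "updater": {"wininet!InternetOpenW", "wininet!InternetOpenUrlW", "wininet!InternetReadFile",
                "kernel32!CreateFileW", "kernel32!WriteFile", "kernel32!CloseHandle"},
}
MALICIOUS: Dict[str, Imports] = {
    "injector_a": {"kernel32!OpenProcess", "kernel32!VirtualAllocEx",
                   "kernel32!WriteProcessMemory", "kernel32!CreateRemoteThread",
                   "kernel32!CloseHandle"},
    "injector_b": {"kernel32!OpenProcess", "kernel32!VirtualAllocEx",
                   "kernel32!WriteProcessMemory", "kernel32!CreateRemoteThread",
                   "kernel32!GetProcAddress", "kernel32!LoadLibraryW"},
    "downloader": {"wininet!InternetOpenW", "wininet!InternetOpenUrlW", "wininet!InternetReadFile",
                   "kernel32!CreateFileW", "kernel32!WriteFile", "shell32!ShellExecuteW",
                   "advapi32!RegSetValueExW"},
    "keylogger": {"user32!SetWindowsHookExW", "user32!GetAsyncKeyState", "kernel32!CreateFileW",
                  "kernel32!WriteFile", "wininet!InternetOpenW", "wininet!InternetOpenUrlW"},
}
# Unknown samples (constructed): an injector variant that skips VirtualAllocEx,
# and a benign process lister that shares several imports with the injectors.
UNKNOWN_VARIANT: Imports = {"kernel32!OpenProcess", "kernel32!WriteProcessMemory",
                            "kernel32!CreateRemoteThread", "kernel32!LoadLibraryW",
                            "kernel32!GetProcAddress", "kernel32!CloseHandle"}
UNKNOWN_CLEAN: Imports = {"kernel32!OpenProcess", "kernel32!ReadProcessMemory",
                          "kernel32!CloseHandle", "psapi!EnumProcesses"}


def import_combinations(imports: Iterable[str], k: int) -> Set[Combo]:
    """All k-subsets of a binary's imported function names."""
    return {frozenset(c) for c in combinations(sorted(set(imports)), k)}


def train(clean: Dict[str, Imports], malicious: Dict[str, Imports],
          k: int = 2, min_support: int = 1) -> Dict[Combo, int]:
    """Signatures: k-combinations present in >= min_support malware samples
    and absent from every clean sample. Maps each signature to its support."""
    clean_combos: Set[Combo] = set()
    for imps in clean.values():
        clean_combos |= import_combinations(imps, k)
    support: Counter = Counter()
    for imps in malicious.values():
        for combo in import_combinations(imps, k) - clean_combos:
            support[combo] += 1
    return {c: n for c, n in support.items() if n >= min_support}


def classify(imports: Imports, signatures: Dict[Combo, int], k: int) -> Tuple[bool, List[Combo]]:
    """Flag a sample if any k-combination of its imports is a signature."""
    hits = [c for c in import_combinations(imports, k) if c in signatures]
    return bool(hits), sorted(hits, key=sorted)


def evaluate(signatures: Dict[Combo, int], clean: Dict[str, Imports],
             malicious: Dict[str, Imports], k: int) -> Tuple[float, float]:
    """(detection rate over malicious, false-positive rate over clean)."""
    detected = sum(classify(i, signatures, k)[0] for i in malicious.values())
    false_pos = sum(classify(i, signatures, k)[0] for i in clean.values())
    return detected / len(malicious), false_pos / len(clean)


if __name__ == "__main__":
    for k, min_support in ((1, 2), (2, 2), (2, 1)):
        sigs = train(CLEAN, MALICIOUS, k, min_support)
        det, fpr = evaluate(sigs, CLEAN, MALICIOUS, k)
        flagged, hits = classify(UNKNOWN_VARIANT, sigs, k)
        print(f"k={k} min_support={min_support}: {len(sigs)} signatures, "
              f"detection={det:.2f} fp={fpr:.2f}, variant flagged={flagged} via {hits}")
```

Running it shows why combinations of imports carry more information than single imports: with k=1 the only signature that no clean program shares is VirtualAllocEx, so an injector variant that works without it is missed, while with k=2 the pair WriteProcessMemory together with CreateRemoteThread catches the variant even though each of those functions also appears in a clean debugger or hook tool. The zero false-positive rate on the training corpus is by construction (every combination seen in clean software is excluded) and says nothing about generalisation; the 1 % figure in the abstract is measured on real cases. Two practical caveats: min_support trades detection (0.5 against 1.0 here) for robustness against signatures learned from a single sample, and a packer or loader that resolves its APIs at run time through LoadLibrary and GetProcAddress leaves an almost empty import directory, which any import-based method must treat as a separate case.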

Metadata
Title: Combinatorial detection of malware by IAT discrimination
Authors: Olivier Ferrand, Eric Filiol
Publication date: 01-08-2016
Publisher: Springer Paris
DOI: https://doi.org/10.1007/s11416-015-0257-8
