Malware analysis with multiple features

Proceedings - 2012 14th International Conference on Modelling and Simulation, UKSim 2012

Volumn , Issue , 2012, Pages 231-235

  Zabidi, Muhammad Najmi Ahmad ^a   Maarof, Mohd Aizaini ^b   Zainal, Anazida ^b  

^a INTERNATIONAL ISLAMIC UNIVERSITY MALAYSIA   (Malaysia)

^b UNIVERSITI TEKNOLOGI MALAYSIA   (Malaysia)

Author keywords

feature selection; malware; static analysis

Indexed keywords

DEBUGGERS; MALWARE ANALYSIS; MALWARES; MICROSOFT WINDOWS; MULTIPLE FEATURES; PYTHON PROGRAMMING LANGUAGE; STATIC AND DYNAMIC ANALYSIS; STATIC FEATURES; VIRTUAL MACHINES;

APPLICATION PROGRAMMING INTERFACES (API); COMPUTER CRIME; FEATURE EXTRACTION;

STATIC ANALYSIS;

EID: 84863098541     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/UKSim.2012.40     Document Type: Conference Paper

References (17)

1. J. Leyden, "Man convicted of murder gets retrial after virus eats transcripts," http://www.theregister.co.uk/2012/01/05/virus deletes court transcript/, January 2012, (Accessed at January 13, 2012).
2. K. Rozinov, "Efficient static analysis of executables for detecting malicious behaviors," 2005.
3. J. Koret, "Zero wine," http://zerowine.sourceforge.net, (Accessed at January 10, 2012).
4. T. Rudnai, "Crypto-analysis in shellcode detection," http://community.websense.com/blogs/securitylabs/archive/2010/06/03/ crypto-analysis-in-shellcode-detection.aspx, 2010, (Accessed at January 9, 2012).
5. D. Steven, "Xorsearch," http://blog.didierstevens.com/programs/ xorsearch/, 2010, (Accessed at January 9,2012).
6. B. Zhang, J. Yin, J. Hao, D. Zhang, and S. Wang, "Using support vector machine to detect unknown computer viruses," International Journal of Computational Intelligence Research, vol. 2, no. 1, pp. 100-104, 2006.
7. A. Altaher, S. Ramadass, and A. Ali, "Computer virus detection using features ranking and machine learning," Australian Journal of Basic and Applied Sciences, vol. 5, no. 9, pp. 1482-1486, 2011.
8. J. Oh, C. Im, and H. Jeong, "A system for analyzing advance bot behavior," in Information Systems, Technology and Management, ser. Communications in Computer and Information Science, S. K. Prasad, H. M. Vin, S. Sahni, M. P. Jaiswal, and B. Thipakorn, Eds. Springer Berlin Heidelberg, 2010, vol. 54, pp. 56-63.
9. M. Christodorescu and S. Jha, "Static analysis of executables to detect malicious patterns," in Proceedings of the 12th USENIX Security Symposium (Security'03), USENIX Association. USENIX Association, Aug. 2003, pp. 169-186. [Online]. Available: http://www.cs.wisc.edu/~mihai/mywork/papers/index. htmln#11
10. F. Leder, P. Martini, and A. Wichmann, "Finding and extracting crypto routines from malware," in Performance Computing and Communications Conference (IPCCC), 2009 IEEE 28th International, 2009, pp. 394-401.
11. M. N. A. Zabidi, M. A. Maarof, and A. Zainal, "Ensemble based categorization and adaptive model for malware detection," 2011 7th International Conference on Information Assurance and Security (IAS), vol. 978-1-4577-2153-3, pp. 80-85, 2011.
12. M. N. A. Zabidi, "Compiling features for malicious software," http://conference.hitb.org/hitbsecconf2011kul/materials/D1%20SIGINT%20- %20Muhammad%20Najmi% 20Ahmad%20Zabidi%20-%20Compiling%20Features% 20for%20Malcious%20Binaries.pdf, October 2011, (Accessed at January 11, 2012).
13. R. Brown, R. Khazan, and M. Zhivich, "Awe: Improving software analysis through modular integration of static and dynamic analyses," in Proceedings of the 7th ACM SIGPLANSIGSOFT workshop on Program analysis for software tools and engineering. ACM, 2007, pp. 69-74.
14. Wikibooks, "X86 disassembly," http://en.wikibooks.org/wiki/X86 Disassembly/Debugger Detectors, March 2008, (Accessed at January 11, 2012).
15. R. Lyda and J. Hamrock, "Using entropy analysis to find encrypted and packed malware," Security & Privacy, IEEE, vol. 5, no. 2, pp. 40-45, 2007.
16. th IEEE Consumer Communications and Networking Conference (CCNC2012), 2012, in press.
17. M. Hypponen, "Malware signed with a governmental signing key," http://www.f-secure.com/weblog/archives/00002269.html, November 2011, (Accessed at January 9, 2012).