Classification of malware using structured control flow

Conferences in Research and Practice in Information Technology Series

Volumn 107, Issue , 2010, Pages 61-70

  Cesare, Silvio ^a   Xiang, Yang ^a  

^a CENTRAL QUEENSLAND UNIVERSITY   (Australia)

Author keywords

Malware; Network security; Structured control flow; Unpacking

Indexed keywords

APPLICATION LEVEL; COMPLETE SYSTEM; CONTROL FLOW GRAPHS; CONTROL FLOWS; DECOMPILATION; EDIT DISTANCE; EXECUTION TIME; MALWARES; NETWORK SYSTEMS; NOVEL ALGORITHM; STRUCTURED GRAPHS; UNPACKING;

ALGORITHMS; COMPUTER CRIME; DATA FLOW ANALYSIS; DISTRIBUTED COMPUTER SYSTEMS; GRAPHIC METHODS; NETWORK SECURITY;

STATIC ANALYSIS;

EID: 84869003423     PISSN: 14451336     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Article

References (30)

1. Babar, K., Khalid, F. & Pakistan, P. (2009): Generic Unpacking Techniques. International Conference On Computer, Control and Communication.
2. Baeza-Yates, R. & Navarro, G. (1998): Fast approximate string matching in a dictionary. South American Symposium on String Processing and Information Retrieval (SPIR'98), 14-22.
3. Bellard, F. (2005): QEMU, a fast and portable dynamic translator. USENIX Annual Technical Conference, 41-46
4. Boehne, L. (2008): Pandora's Bochs: Automatic Unpacking of Malware. University of Mannheim.
5. Briones, I. & Gomez, A. (2008): Graphs, Entropy and Grid Computing: Automatic Comparison of Malware. Virus Bulletin Conference, 1-12.
6. Carrera, E. & Erdélyi, G. (2004): Digital genome mapping-advanced binary malware analysis. Virus Bulletin Conference, 187-197.
7. Cifuentes, C. (1994): Reverse compilation techniques. Queensland University of Technology.
8. Dinaburg, A., Royal, P., Sharif, M. & Lee, W. (2008): Ether: Malware analysis via hardware virtualization extensions. Proceedings of the 15th ACM conference on Computer and communications security, 51-62, ACM New York, NY, USA.
9. Dullien, T. & Rolles, R. (2005): Graph-based comparison of Executable Objects (English Version). SSTIC.
10. Gao, D., Reiter, M. K. & Song, D. (2008): Binhunt: Automatically finding semantic differences in binary programs. Information and Communications Security, 5308:238-255, Springer.
11. Gheorghescu, M. (2005): An automated virus classification system. Virus Bulletin Conference, 294-300.
12. Graf, T. (2005): Generic unpacking: How to handle modified or unknown PE compression engines. Virus Bulletin Conference.
13. Kang, M. G., Poosankam, P. & Yin, H. (2007): Renovo: A hidden code extractor for packed executables.Workshop on Recurring Malcode, 46-53.
14. Karim, M. E., Walenstein, A., Lakhotia, A. & Parida, L. (2005) Malware phylogeny generation using permutations of code. Journal in Computer Virology, 1 (1):13-23.
15. Kolter, J. Z. & Maloof, M. A. (2004): Learning to detect malicious executables in the wild. International Conference on Knowledge Discovery and Data Mining, 470-478.
16. Kruegel, C., Kirda, E., Mutz, D., Robertson, W. & Vigna, G. (2006) Polymorphic worm detection using structural information of executables. Lecture notes in computer science, 3858:207.
17. Kruegel, C., Robertson, W., Valeur, F. & Vigna, G. (2004): Static disassembly of obfuscated binaries. USENIX Security Symposium, 13:18-18.
18. Lyda, R. & Hamrock, J. (2007) Using entropy analysis to find encrypted and packed malware. IEEE Security and Privacy, 5 (2):40.
19. Martignoni, L., Christodorescu, M. & Jha, S. (2007): Omniunpack: Fast, generic, and safe unpacking of malware. Proceedings of the Annual Computer Security Applications Conference (ACSAC), 431-441.
20. Martignoni, L., Paleari, R., Roglia, G. F. & Bruschi, D. (2009): Testing CPU emulators. Proceedings of the eighteenth international symposium on Software testing and analysis, Chicago, IL, USA, 261-272, ACM.
21. Moretti, E., Chanteperdrix, G. & Osorio, A. (2001): New algorithms for control-flow graph structuring. Software Maintenance and Reengineering, 184. Mal(ware)formation statistics - Panda Research Blog: Panda Research, http://research.pandasecurity.com/archive/Mal_2800_ware_2900_formation-statistics.aspx. 19 August 2009.
22. Mal(ware)formation statistics - Panda Research Blog: Panda Research, http://research.pandasecurity.com/archive/Mal_2800_ware_2900_formation-statistics.aspx. 19 August 2009.
23. Perdisci, R., Lanzi, A. & Lee, W. (2008): McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables. Proceedings of the 2008 Annual Computer Security Applications Conference, 301-310, IEEE Computer Society Washington, DC, USA.
24. Quist, D. & Valsmith (2007): Covert Debugging Circumventing Software Armoring Techniques. Black Hat Briefings USA.
25. Royal, P., Halpin, M., Dagon, D., Edmonds, R. & Lee, W. (2006): Polyunpack: Automating the hiddencode extraction of unpack-executing malware. Computer Security Applications Conference, 289-300.
26. Sharif, M., Lanzi, A., Giffin, J. & Lee, W. Rotalume: A Tool for Automatic Reverse Engineering of Malware Emulators. INC., I. G.
27. Stepan, A. (2006): Improving proactive detection of packed malware. Virus Bulletin Conference, 1.
28. Sun, L., Ebringer, T. & Boztas, S. (2008): Hump-anddump: efficient generic unpacking using an ordered address execution histogram. International Computer Anti-Virus Researchers Organization (CARO) Workshop.
29. Wei, T., Mao, J., Zou, W. & Chen, Y. (2007): Structuring 2-way branches in binary executables. International Computer Software and Applications Conference, 01: 115-118.
30. Wu, Y., Chiueh, T. & Zhao, C. (2009): Efficient and Automatic Instrumentation for Packed Binaries. International Conference and Workshops on Advances in Information Security and Assurance, 307-316. VxClass: Zynamics, http://www.zynamics.com/vxclass.html.