An FSM-Based Approach for Malicious Code Detection Using the Self-Relocation Gene

Authors:
Yu Zhang;Tao Li;Jia Sun;Renchao Qin
Affiliations:
College of Computer Science, Sichuan University, Chengdu, China 610065;College of Computer Science, Sichuan University, Chengdu, China 610065;Department of Humanism Educations, Huaihua University, Huaihua, China 418000;College of Computer Science, Sichuan University, Chengdu, China 610065
Venue:
ICIC '08 Proceedings of the 4th international conference on Intelligent Computing: Advanced Intelligent Computing Theories and Applications - with Aspects of Theoretical and Methodological Issues
Year:
2008

Citing 7
Cited 1

Learning to detect malicious executables in the wild

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
A behavioral approach to worm detection

Proceedings of the 2004 ACM workshop on Rapid malcode
Polymorphic Malicious Executable Scanner by API Sequence Analysis

HIS '04 Proceedings of the Fourth International Conference on Hybrid Intelligent Systems
Static analysis of executables to detect malicious patterns

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Applying Machine Learning Techniques for Detection of Malicious Code in Network Traffic

KI '07 Proceedings of the 30th annual German conference on Advances in Artificial Intelligence
A Dynamic Immunity-Based Model for Computer Virus Detection

ISIP '08 Proceedings of the 2008 International Symposiums on Information Processing
Prevention of information attacks by run-time detection of self-replication in computer codes

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security

Malware detection system by payload analysis of network traffic (poster abstract)

RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses

Quantified Score

Hi-index	0.00

Visualization

Abstract

Most information attacks on the Internet are perpetrated by deploying malicious codes, which results in destructive epidemics. The correct execution of viruses and worms throughout the Internet is accomplished by self-relocation. Self-relocation is a built-in mechanism in most malicious codes, allowing them to get the base address of the host program to correctly infect it. Since most legitimate computer programs do not need self-relocate themselves, the detection of malicious codes could be reduced to the detection of the various mutations of the self-relocation gene. This study presents such a detection mechanism based on finite state machine theory for both known and previously unknown malicious executable codes. It does not rely on signature-screening of known viruses, but instead it detects self-relocation attempt of the suspicious executable code. The experiments were conducted and the results indicate that the proposed approach has better ability to detect known and previously unknown malicious executable codes than other methods.