Most information attacks on the Internet are perpetrated by deploying malicious codes, which results in destructive epidemics. The correct execution of viruses and worms throughout the Internet is accomplished by self-relocation. Self-relocation is a built-in mechanism in most malicious codes, allowing them to obtain the base address of the host program in order to infect it correctly. Since most legitimate computer programs do not need to self-relocate, the detection of malicious codes can be reduced to the detection of the various mutations of the self-relocation gene. This study presents such a detection mechanism, based on finite state machine theory, for both known and previously unknown malicious executable codes. It does not rely on signature screening of known viruses; instead, it detects self-relocation attempts by the suspicious executable code. Experiments were conducted, and the results indicate that the proposed approach is better able to detect known and previously unknown malicious executable codes than other methods.