Concordia: a Google for malware
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Locating executable fragments with Concordia, a scalable, semantics-based architecture
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
This paper introduces a new architecture for automating the generalization of program structure and the recognition of common patterns in malware analysis. By applying massively parallel processing to large sets of malware programs, we can recognize common code sequences, such as loop constructs, if-then-else structures, and subroutine calls, as well as common sequences of subroutines. The Concordia architecture generalizes the recognized elements so they can be collected into invariant forms. An analyst can use these invariant forms to understand the program being analyzed, and they can also be used to classify large numbers of programs automatically.