New Algorithms for Control-Flow Graph Structuring
CSMR '01 Proceedings of the Fifth European Conference on Software Maintenance and Reengineering
Learning to detect malicious executables in the wild
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Using Entropy Analysis to Find Encrypted and Packed Malware
IEEE Security and Privacy
Structuring 2-way Branches in Binary Executables
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 01
Renovo: a hidden code extractor for packed executables
Proceedings of the 2007 ACM workshop on Recurring malcode
Ether: malware analysis via hardware virtualization extensions
Proceedings of the 15th ACM conference on Computer and communications security
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
BinHunt: Automatically Finding Semantic Differences in Binary Programs
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Proceedings of the eighteenth international symposium on Software testing and analysis
Efficient and Automatic Instrumentation for Packed Binaries
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Polymorphic worm detection using structural information of executables
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Graph-based malware detection using dynamic analysis
Journal in Computer Virology
Fast malware family detection method using control flow graphs
Proceedings of the 2011 ACM Symposium on Research in Applied Computation
Advanced malware variant detection algorithm using structural characteristic of executable file
FGIT'11 Proceedings of the Third international conference on Future Generation Information Technology
BinSlayer: accurate comparison of binary executables
PPREW '13 Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop
ADAM: an automatic and extensible platform to stress test android anti-virus systems
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Structural detection of android malware using embedded call graphs
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Simseer and bugwise: web services for binary-level software similarity and defect detection
AusPDC '13 Proceedings of the Eleventh Australasian Symposium on Parallel and Distributed Computing - Volume 140
Proceedings of the 6th International Conference on Security of Information and Networks
Proceedings of the 4th ACM conference on Data and application security and privacy
Expert Systems with Applications: An International Journal
Hi-index | 0.00 |
Malware is a pervasive problem in distributed computer and network systems. Identification of malware variants provides great benefit in early detection. Control flow has been proposed as a characteristic that can be identified across variants, resulting in flowgraph based malware classification. Static analysis is widely used for the classification but can be ineffective if malware undergoes a code packing transformation to hide its real content. This paper proposes a novel algorithm for constructing a control flow graph signature using the decompilation technique of structuring. Similarity between structured graphs can be quickly determined using string edit distances. To reverse the code packing transformation, a fast application level emulator is proposed. To demonstrate the effectiveness of the automated unpacking and flowgraph based classification, we implement a complete system and evaluate it using synthetic and real malware. The evaluation shows our system is highly effective in terms of accuracy in revealing all the hidden code, execution time for unpacking, and accuracy in classification.