Because attackers create variants of existing malware, unknown malware can be detected by comparing it with information about already-known malware. Control flow graphs have been used in dynamic analysis of program source code. In this paper, we propose a new method that analyzes and detects malware binaries using control flow graphs and Bloom filters by abstracting the common characteristics of malware families. The experimental results show that the processing overhead of the proposed method is much lower than that of n-gram based methods.
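The following is an added illustration of the general idea in the abstract, not the paper's implementation: control flow graph features from a known family are stored in a Bloom filter, and an unknown sample is scored by how many of its features the filter reports. The feature abstraction (mnemonic-sequence block shapes and shape-to-shape edges), the filter parameters, the hashing scheme and all sample graphs are assumptions constructed for this example.

```python
import hashlib

class BloomFilter:
    """Bit-array Bloom filter; k positions come from double hashing a SHA-256 digest."""
    def __init__(self, m_bits=4096, k=4):
        self.m, self.k = m_bits, k
        self.bits = bytearray(m_bits // 8)
    def _positions(self, item):
        d = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]
    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)
    def __contains__(self, item):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(item))

def cfg_features(cfg):
    """Assumed abstraction: block shape with out-degree, plus shape->shape edges."""
    feats = set()
    for shape, succs in cfg.values():  # addresses are discarded on purpose
        feats.add(f"{shape}|out={len(succs)}")
        feats.update(f"{shape}->{cfg[s][0]}" for s in succs)
    return feats

def build_family_filter(samples):
    bloom = BloomFilter()
    for cfg in samples:
        for feat in cfg_features(cfg):
            bloom.add(feat)
    return bloom

def family_score(bloom, cfg):  # fraction of the sample's features found in the filter
    feats = cfg_features(cfg)
    return sum(f in bloom for f in feats) / len(feats)

# Constructed CFGs: {block address: (mnemonic sequence, successor addresses)}
KNOWN = {0x1000: ("mov,xor,cmp,jcc", [0x1010, 0x1020]), 0x1010: ("call,mov,jmp", [0x1030]),
         0x1020: ("xor,dec,jcc", [0x1020, 0x1030]), 0x1030: ("call,ret", [])}
# Variant: relocated, with one junk block spliced between two original blocks
VARIANT = {0x4000: ("mov,xor,cmp,jcc", [0x4010, 0x4020]), 0x4010: ("call,mov,jmp", [0x4028]),
           0x4028: ("nop,jmp", [0x4030]), 0x4020: ("xor,dec,jcc", [0x4020, 0x4030]),
           0x4030: ("call,ret", [])}
BENIGN = {0x10: ("push,mov,sub,call,test,jcc", [0x20, 0x30]),
          0x20: ("mov,call,jmp", [0x30]), 0x30: ("add,pop,ret", [])}

if __name__ == "__main__":
    fam = build_family_filter([KNOWN])
    print({n: round(family_score(fam, c), 2) for n, c in [("variant", VARIANT), ("benign", BENIGN)]})
```

A Bloom filter never produces false negatives, so an exact relocated copy always scores 1.0; false positives are possible and grow as the filter fills, which is why the score is compared against a threshold rather than treated as exact membership.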