Fast malware family detection method using control flow graphs

Authors:
Boojoong Kang;Hye Seon Kim;Taeguen Kim;Heejun Kwon;Eul Gyu Im
Affiliations:
Hanyang University, Seoul, Korea;Hanyang University, Seoul, Korea;Hanyang University, Seoul, Korea;Hanyang University, Seoul, Korea;Hanyang University, Seoul, Korea
Venue:
Proceedings of the 2011 ACM Symposium on Research in Applied Computation
Year:
2011

Citing 11
Cited 1

An Efficient Algorithm for Graph Isomorphism

Journal of the ACM (JACM)
Space/time trade-offs in hash coding with allowable errors

Communications of the ACM
Reversing: The Hacker's Guide to Reverse Engineering

Reversing: The Hacker's Guide to Reverse Engineering
An optimal Bloom filter replacement

SODA '05 Proceedings of the sixteenth annual ACM-SIAM symposium on Discrete algorithms
Static analysis of executables to detect malicious patterns

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Static disassembly of obfuscated binaries

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Signature Generation and Detection of Malware Families

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
IMAD: in-execution malware analysis and detection

Proceedings of the 11th Annual conference on Genetic and evolutionary computation
Classification of malware using structured control flow

AusPDC '10 Proceedings of the Eighth Australasian Symposium on Parallel and Distributed Computing - Volume 107
Detecting self-mutating malware using control-flow graph matching

DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment

BinSlayer: accurate comparison of binary executables

PPREW '13 Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop

Quantified Score

Hi-index	0.00

Visualization

Abstract

As attackers make variants of existing malware, it is possible to detect unknown malware by comparing with already-known malware's information. Control flow graphs have been used in dynamic analysis of program source code. In this paper, we proposed a new method which can analyze and detect malware binaries using control flow graphs and Bloom filter by abstracting common characteristics of malware families. The experimental results showed that processing overhead of our proposed method is much lower than n-gram based methods.