Computers and Intractability: A Guide to the Theory of NP-Completeness
The Art of Computer Virus Research and Defense
A Method for Detecting Obfuscated Calls in Malicious Binaries
IEEE Transactions on Software Engineering
Detecting Obfuscated Viruses Using Cosine Similarity Analysis
AMS '07 Proceedings of the First Asia International Conference on Modelling & Simulation
Mining specifications of malicious behavior
Proceedings of the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Large-scale malware indexing using function-call graphs
Proceedings of the 16th ACM conference on Computer and communications security
Malware Obfuscation Detection via Maximal Patterns
IITA '09 Proceedings of the 2009 Third International Symposium on Intelligent Information Technology Application - Volume 02
A survey of graph edit distance
Pattern Analysis & Applications
Detecting metamorphic malwares using code graphs
Proceedings of the 2010 ACM Symposium on Applied Computing
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Improved call graph comparison using simulated annealing
Proceedings of the 2011 ACM Symposium on Applied Computing
Malware classification based on call graph clustering
Journal in Computer Virology
Polymorphic worm detection using structural information of executables
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Code obfuscation plays a significant role in producing new obfuscated malicious programs, generally called malware variants, from previously encountered malware. However, traditional signature-based malware detection has difficulty recognizing the latest obfuscated malware. This paper proposes a method to identify malware variants based on the function-call graph. First, function-call graphs were created from the disassembled code of a program; then the caller-callee relationships of functions and the operational code (opcode) information about functions, combined with graph coloring techniques, were used to measure the similarity metric between two function-call graphs; finally, the similarity metric was used to identify malware variants of known malware. The experimental results show that the proposed method is able to identify obfuscated malicious software effectively.