Introduction to the Theory of Computation
Introduction to the Theory of Computation
Machine Learning
Computers and Intractability: A Guide to the Theory of NP-Completeness
Computers and Intractability: A Guide to the Theory of NP-Completeness
Centroid-Based Document Classification: Analysis and Experimental Results
PKDD '00 Proceedings of the 4th European Conference on Principles of Data Mining and Knowledge Discovery
N-Gram-Based Detection of New Malicious Code
COMPSAC '04 Proceedings of the 28th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts - Volume 02
Imposing Order on Program Statements to Assist Anti-Virus Scanners
WCRE '04 Proceedings of the 11th Working Conference on Reverse Engineering
The Art of Computer Virus Research and Defense
The Art of Computer Virus Research and Defense
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
A Method for Detecting Obfuscated Calls in Malicious Binaries
IEEE Transactions on Software Engineering
Hamsa: Fast Signature Generation for Zero-day PolymorphicWorms with Provable Attack Resilience
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Normalizing Metamorphic Malware Using Term Rewriting
SCAM '06 Proceedings of the Sixth IEEE International Workshop on Source Code Analysis and Manipulation
Using engine signature to detect metamorphic malware
Proceedings of the 4th ACM workshop on Recurring malcode
Learning to Detect and Classify Malicious Executables in the Wild
The Journal of Machine Learning Research
Using Entropy Analysis to Find Encrypted and Packed Malware
IEEE Security and Privacy
SigFree: a signature-free buffer overflow attack blocker
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Statistical signatures for fast filtering of instruction-substituting metamorphic malware
Proceedings of the 2007 ACM workshop on Recurring malcode
Measuring Differentiability: Unmasking Pseudonymous Authors
The Journal of Machine Learning Research
Opcodes as predictor for malware
International Journal of Electronic Security and Digital Forensics
A semantics-based approach to malware detection
ACM Transactions on Programming Languages and Systems (TOPLAS)
Embedded Malware Detection Using Markov n-Grams
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Malware detection using adaptive data compression
Proceedings of the 1st ACM workshop on Workshop on AISec
Automatically profiling the author of an anonymous text
Communications of the ACM - Inspiring Women in Computing
STILL: Exploit Code Detection via Static Taint and Initialization Analyses
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Improving malware detection by applying multi-inducer ensemble
Computational Statistics & Data Analysis
A survey of modern authorship attribution methods
Journal of the American Society for Information Science and Technology
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Malware detection using statistical analysis of byte-level file content
Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics
The WEKA data mining software: an update
ACM SIGKDD Explorations Newsletter
Automatic Generation of String Signatures for Malware Detection
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Accurate buffer overflow detection via abstract payload execution
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Using verification technology to specify and detect malware
EUROCAST'07 Proceedings of the 11th international conference on Computer aided systems theory
A fistful of red-pills: how to automatically generate procedures to detect CPU emulators
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
On the infeasibility of modeling polymorphic shellcode
Machine Learning
Applying Biometric Principles to Avatar Recognition
CW '10 Proceedings of the 2010 International Conference on Cyberworlds
Comprehensive shellcode detection using runtime heuristics
Proceedings of the 26th Annual Computer Security Applications Conference
Recognizing authors: an examination of the consistent programmer hypothesis
Software Testing, Verification & Reliability
Signature Tree Generation for Polymorphic Worms
IEEE Transactions on Computers
Language Resources and Evaluation
Malware analysis with tree automata inference
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Hunting for undetectable metamorphic viruses
Journal in Computer Virology
Who wrote this code? identifying the authors of program binaries
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Metasploit: The Penetration Tester's Guide
Metasploit: The Penetration Tester's Guide
Network–Level polymorphic shellcode detection using emulation
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Hybrid engine for polymorphic shellcode detection
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Polymorphic worm detection using structural information of executables
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
ISC'07 Proceedings of the 10th international conference on Information Security
| Hi-index | 0.00 |
One method malware authors use to defeat detection of their programs is to use morphing engines to rapidly generate a large number of variants. Inspired by previous works in author attribution of natural language text, we investigate a problem of attributing a malware to a morphing engine. Specifically, we present the malware engine attribution problem and formally define its three variations: MVRP, DENSITY and GEN, that reflect the challenges malware analysts face nowadays. We design and implement heuristics to address these problems and show their effectiveness on a set of well-known malware morphing engines and a real-world malware collection reaching detection accuracies of 96 % and higher. Our experiments confirm the applicability of the proposed approach in practice and indicate that engine attribution may offer a viable enhancement of current defenses against malware.