Similarity calculation method for user-define functions to detect malware variants

Tae Guen Kim*, Jung Bin Park, In Gyeom Cho, Eul Gyu Im, Boojoong Kang, Soo Yong Kang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

3 Citations (Scopus)

Abstract

The amount of malware has sharply increased over the years, and it has caused various kinds of damage to computing systems and data. In this paper, we propose techniques to detect malware variants. Malware authors usually reuse malware modules when they generate new malware or malware variants. Therefore, malware variants have common code for some functions in their binary files. We focused on this common code in this research, and proposed techniques to detect malware variants through similarity calculation of user-defined functions. Since many malware variants evade malware detection systems by transforming their static signatures, to cope with this problem we applied pattern matching algorithms for DNA variations in bioinformatics to the similarity calculation of malware binary files. Since the pattern matching algorithm we used provides a local alignment function, small modifications of functions can be overcome. Experimental results show that our proposed method can detect malware similarity and that it is more resilient than other methods.

Original language: English
Title of host publication: RACS 2014
Subtitle of host publication: Proceedings of the 2014 Conference on Research in Adaptive and Convergent Systems
Place of Publication: New York
Publisher: Association for Computing Machinery, Inc
Pages: 236-241
Number of pages: 6
ISBN (Electronic): 9781450330602
Publication status: Published - 5 Oct 2014
Externally published: Yes
Event: 2014 Conference on Research in Adaptive and Convergent Systems, RACS 2014 - Towson, United States
Duration: 5 Oct 2014 → 8 Oct 2014

Other

Other: 2014 Conference on Research in Adaptive and Convergent Systems, RACS 2014
Country: United States
City: Towson
Period: 5/10/14 → 8/10/14

Keywords

  • Malware analysis
  • Smith-Waterman algorithm
  • Static analysis
