Fiche du document
25 mars 2013
- handle: 10670/1.s3x1ae
- hal: hal-01480181
- doi: 10.1007/978-3-642-36818-9_28
Ce document est lié à :
info:eu-repo/semantics/altIdentifier/doi/10.1007/978-3-642-36818-9_28
http://creativecommons.org/licenses/by/ , info:eu-repo/semantics/OpenAccess
Mots-clés
Behavioral Signature Anti-obfuscation Scalable Resource Differentiation Iterative Sequence Alignment Handle DependencySujets proches
Animal behavior Habits and behaviorCiter ce document
Huabiao Lu et al., « DiffSig: Resource Differentiation Based Malware Behavioral Concise Signature Generation », HAL-SHS : sciences de l'information, de la communication et des bibliothèques, ID : 10.1007/978-3-642-36818-9_28
Métriques
Partage / Export
Résumé
Malware obfuscation obscures malware into a different form that’s functionally identical to the original one, and makes syntactic signature ineffective. Furthermore, malware samples are huge and growing at an exponential pace. Behavioral signature is an effective way to defeat obfuscation. However, state-of-the-art behavioral signature, behavior graph, is although very effective but unfortunately too complicated and not scalable to handle exponential growing malware samples; in addition, it is too slow to be used as real-time detectors. This paper proposes an anti-obfuscation and scalable behavioral signature generation system, DiffSig, which voids information-flow tracking which is the chief culprit for the complex and inefficiency of graph behavior, thus, losing some data dependencies, but describes handle dependencies more accurate than graph behavior by restrict the profile type of resource that each handle dependency can reference to. Our experiment results show that DiffSig is scalable and efficient, and can detect new malware samples effectively.