Packed Malware Detection Based on Behavior Classification
Date Issued
2011
Date
2011
Author(s)
Lee, Ting-Yu
Abstract
Anti-malware companies receive thousands of malware samples every day, and the growth in malware surged in 2009 to a historical high. Making antivirus programs more effective is therefore an important and urgent problem.
Traditionally, malware is detected by signature. However, if the malware is packed or its signature is changed, the antivirus program will not be able to find it. We therefore want to provide a new way to solve this problem.
According to Cisco's research, 70%-80% of malware is packed. In this thesis, we provide a new way of detecting packed malware. When a piece of malware does something unusual to a user's computer, we can detect that behavior and tell the user that it is suspicious behavior caused by malware.
We propose a scalable clustering approach to identify and group malware samples that exhibit similar behaviors, and we use the number register to make our system more effective. The results of our extensive experiments show that our system finds malware more effectively than existing tools.
Subjects
malware analysis
behavioral detection
signature detection
clustering
packed malware detection
Type
thesis
File(s)
Name
ntu-100-R98943155-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5): 1f8c19e1dcf972503f9c0a65d52aca3a
