Pirus : A Real-Time Framework for Suspicious Entities Correlation and Discrimination for Malware Identification
Date Issued
2010
Date
2010
Author(s)
Huang, Min-Chun
Abstract
We provide a real-time system that lists all the malicious components of a given malware without the need for any virus definition file. Although a malware can now be detected and removed by commercial tools, its related malicious components (called instigators) may not be detected, so the malware continues to compromise our privacy and leave our system insecure. In this study, we provide an infection graph generation algorithm to correlate a malware with its related malicious components. We can also detect other malware based on the malicious components shared between malware. Further, we provide a file list of malicious components and make a comparison with commercial tools. The results of our extensive experiments show that our system detects more malicious files than commercial tools for both known and unknown malware.
Subjects
malware analysis
malicious component detection
infection graph
signature
system call
Type
thesis
File(s)
Name
ntu-99-R97921077-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):e9516d1c16a7d00baa0530f2f4cf378c
