Detecting Malicious Codes: A Signature-Based Solution

Malware Detection and Signature Generation

2020

Nowadays, malware detection is needed to maintain the performance of systems and to eliminate the effect of malware on them. Conventional signature-based malware detection fails to detect most new variants. This paper presents a hybrid technique for automatic malware signature generation and classification, named the ANFIS-SSA approach. Using this observation, we present a hybrid method for malware detection based on the correlation between the semantics of the malware and its API calls. A base signature is developed for a whole malware class rather than for a single malware specimen. The signature is able to detect even advanced and unknown variants that belong to that class. We demonstrate the method on several well-known malware classes and show that advanced variants of those classes are detected from the base signature.

Detecting malicious files using non-signature-based methods

International Journal of Information and Computer Security, 2014

Malware or malicious code intends to harm computer systems without the knowledge of system users. Malware is often unknowingly installed by naive users while browsing the internet. Once installed, the malicious programs perform activities the user never intended, such as: a) stealing user names and passwords; b) installing spy software to provide remote access to the attackers; c) flooding spam messages; d) performing denial of service attacks, etc. With the emergence of metamorphic malware (which uses complex obfuscation techniques), signature-based detectors fail to identify new variants of malware. In this paper, we investigate non-signature techniques for malware detection and demonstrate methods of feature selection that are best suited for detection purposes. Features are produced using mnemonic n-grams and instruction opcodes (opcodes along with addressing modes). Redundant features are eliminated using class-wise document frequency, the scatter criterion and principal component analysis (PCA). The experiments are conducted on a malware dataset collected from VX Heavens and benign executables (gathered from a fresh installation of the Windows XP operating system and other utility software). The experiments also demonstrate that the proposed methods, which do not require signatures, are effective in identifying and classifying morphed malware.

A framework for automated malcode signatures generation

2010

Rapid malicious codes (malcodes) are self-replicating malicious programs that represent a major security threat to the Internet. Fast monitoring and early warning systems are essential to prevent rapid malcodes from spreading. The difficulty in detecting malcodes is that they evolve over time. Although signature-based tools such as network intrusion detection systems are widely used to protect critical systems, traditional signature-based malcode detectors fail to detect obfuscated and previously unseen malcode executables. Automatic signature generation techniques are needed to augment these tools because of the speed at which new vulnerabilities are discovered. In particular, we need automated techniques that generate signatures without mistakenly blocking legitimate traffic or increasing false alarms. This work investigates a technique for automatically generating sound vulnerability signatures of novel rapid malcodes. In this paper, rapid malcode signatures are automatically generated based on their spreading behavior, specifically aimed at automatically extracting and deploying signatures at the packet level, without the need for reassembly, so that they can be used by signature-based firewalls and network intrusion detection systems. Evaluation on the Universiti Teknologi Malaysia network corpus shows higher detection accuracy, 87% compared to 56% for Snort signatures. Moreover, the false negative rate is reduced to 14% compared to 78% for Snort signatures.

Detection of new malicious code using n-grams signatures

Proceedings of Second …, 2004

Signature-based malicious code detection is the standard technique in all commercial anti-virus software. This method can detect a virus only after the virus has appeared and caused damage. Signature-based detection performs poorly when attempting to identify new viruses. Motivated by the standard signature-based technique for detecting viruses, and by a recently successful text classification method, n-grams analysis, we explore the idea of automatically detecting new malicious code. We employ n-grams analysis to automatically generate signatures from malicious and benign software collections. The n-grams-based signatures are capable of classifying unseen benign and malicious code. The datasets used are large compared to earlier applications of n-grams analysis.

Contemporary Malicious Code Detection-Techniques

2013

The major security threat that is predominant today is cyber warfare. What constitutes this threat? There is no doubt that this warfare is not the exchange of nuclear weapons or missiles but the deployment of malicious code across or within dispersed internetwork points in order to gain access, infiltrate, and cause serious damage to confidential data in systems. What constitutes this threat is malicious executables, especially new, hidden malicious executables often arriving as electronic mail attachments. Malicious code is any code added to, modified in, or removed from system software in order to intentionally cause havoc or subvert the intended function of the system. This threat has continued to grow geometrically as the internet grows and constantly accelerates the trend of interconnectedness in the distribution of this malware. The vulnerabilities of systems are weighed and exploited by rogue programmers (authors of malware). This paper introduces a taxonomy of malicious code types such as computer viruses, Trojan horses, logic bombs and worms. More importantly, it also focuses on the techniques, such as signature-based and non-signature-based technologies, employed to tackle this exploitation of confidential access or destruction of information resources. In addition, it is an important prerequisite for the development of removal tools that can thoroughly delete malware from an infected machine.

A Survey on Malware Attacks Analysis and Detected

International Research Journal of Innovations in Engineering and Technology

Malware is one of the biggest problems modern internet users face. Private data and pricey computing resources are seriously threatened by the rise in malware attacks. Anti-malware businesses rely on signatures, which in fact consist of strings and regular expressions, to find malware and its related families. Malware attacks in recent years have demonstrated that signature-based techniques are error-prone and easily avoided by sophisticated malware programs. This essay provides an introductory overview of malware and the analysis techniques used, as well as the detection techniques used by researchers.

A study of signature-based and behaviour-based malware detection approaches

International Journal of Advance Research, Ideas and Innovations in Technology, 2019

In the present scenario, one of the biggest threats to computers and mobile devices is malware. There are two approaches to detecting and preventing malware infections: the signature-based and the behavior-based approach. The signature-based approach is more widely used, but it can only detect existing and old malware; it does not allow understanding future threats and mitigating them. The behavior-based approach uses a dynamic analysis method to understand and classify malware. However, it is still not as favored as its counterpart due to its limitations. In this paper, we study both the signature-based and the behavior-based approach to determine which is the more favorable approach to malware detection.

AutoSign: an automatic signature generator for high-speed malware filtering devices

Journal in Computer Virology, 2010

This research proposes a novel automatic method (termed Auto-Sign) for extracting unique signatures of malware executables to be used by high-speed malware filtering devices based on deep-packet inspection and operating in real time. Contrary to existing string- and token-based signature generation methods, we implemented Auto-Sign, an automatic signature generation method that can be used on large malware executables, by disregarding signature candidates that appear in benign executables. Results from the experimental evaluation of the proposed method suggest that picking a collection of executables which closely represents commonly used code plays a key role in achieving highly specific signatures that yield low false positives.

IJERT-Contemporary Malicious Code Detection-Techniques

International Journal of Engineering Research and Technology (IJERT), 2013

https://www.ijert.org/contemporary-malicious-code-detection-techniques
https://www.ijert.org/research/contemporary-malicious-code-detection-techniques-IJERTV2IS101016.pdf

Malware Detection Using N-GRAM Based File Signature Based Method

We know that malware can affect computer data and disturb computers. There is a large growth in viruses of different kinds, such as Trojan horses, worms, etc., so developers need to pay attention to this activity and develop strong anti-analysis techniques for it. Malware detection is a critical technique in computer security. The signature-based method for malware detection is the one mostly used in commercial antivirus software, but it detects malware only when the virus has already caused damage or is already registered; otherwise it fails to detect the malware. Applying a methodology proven successful in similar problem domains, we propose the use of n-grams as file signatures in order to detect unknown malware whilst keeping a low false positive ratio. We show that n-gram signatures provide an effective way to detect unknown malware.
We know tha t malware can affect on computer data, they disturb computer .there is large growth in virus of different like Trojan horses, worms, benign etc. however developer has need pay attention on that activity ,need to develop strong anti - analysis technique for t hat. Malware detection is critical technique in computer security. Signature based method for malware detection is used, this is mostly used in commercial antivirus software but this method detects malware only when virus caused damage or already registere d. Otherwise it fail to detect malware. Applying a methodology proven successful in similar problem - domains, we propose the use of n - grams as file signatures in order to detect unknown malware whilst keeping low false positive ratio. We show that n - grams s ignatures provide an effective way to detect unknown malware