ETRI Knowledge Sharing Platform

Details

Journal article: Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
Cited 2 times in Scopus; downloaded 0 times
Authors
김익균, 강구홍, 최양서, 김대원, 오진태, 장종수, 한기준
Publication date
200807
Source
IEICE Transactions on Information and Systems, v.E91-D no.7, pp.2076-2078
ISSN
0916-8532
Publisher
Japan, Institute of Electronics, Information and Communication Engineers (IEICE)
DOI
https://dx.doi.org/10.1093/ietisy/e91-d.7.2076
Funded project
08MS2100, Development of real-time attack signature generation and management technology for responding to zero-day attacks on network threats, 장종수
Abstract
The ability to quickly recognize whether the content of a network flow is executable is a prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX), which is built over the IA-32 instruction set and captures the characteristic instruction transition patterns of executable code. We then propose a simple algorithm that detects executable code inside network flows using a reference ITPX learned from known Windows Portable Executable files. We have tested the algorithm on thousands of executable and non-executable samples. The results show that it is promising enough for real-world use. Copyright © 2008 The Institute of Electronics, Information and Communication Engineers.
Keywords
Executable code, IA-32 instruction, Malware detection
KSP suggested keywords
Information and communication, Instruction sets, Malware detection, Network flow, Portable Executable, Real-world, Simple algorithm, Transition patterns, Transition probability matrix, code recognition