ETRI Knowledge Sharing Platform
Network-based Executable File Extraction and Analysis for Malware Detection
Authors
Byoungkoo Kim, Ikkyun Kim, Tai-Myoung Chung
Issue Date
2012-07
Citation
International Conference on Security and Cryptography (SECRYPT) 2012, pp.430-433
Language
English
Type
Conference Paper
Abstract
Damage caused by computer viruses has tended to increase over time. Consequently, various methodologies for protecting computer systems from the threat of new malicious software are being actively studied. In this paper, we present a network-based executable file extraction and analysis technique for malware detection. Executable files are extracted from network traffic by executable-specific session tracking and pattern matching implemented in reconfigurable hardware. Malware detection is then performed by a clustering analysis of each extracted executable, which is divided into many regions; in other words, a file is classified as malware by measuring the similarity of its byte distribution to those of known malicious and normal executables. The proposed technique can detect not only known but also unknown malicious software. Most importantly, unlike existing host-based anti-virus techniques, it uses network packets as its analysis source, and it can detect malicious software without complex instruction-level analysis. Our approach therefore minimizes the load on the host system, at the cost of additional network packet processing.
KSP Keywords
Byte distribution, Clustering Analysis, Computer systems, Computer viruses, Executable file, Malware detection, Network Packet Processing, Network-based, anti-virus, detection techniques, malicious software