상세정보
학술지
Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
- 발행일
- 200807
- 출처
- IEICE Transactions on Information and Systems, v.E91-D no.7, pp.2076-2078
- ISSN
- 0916-8532
- 출판사
- 일본, 전자정보통신학회 (IEICE)
- 협약과제
- 08MS2100, Network 위협의 Zero-Day Attack 대응을 위한 실시간 공격 Signature 생성 및 관리 기술개발, 장종수
- 초록
- The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world. Copyright © 2008 The Institute of Electronics, Information and Communication Engineers.
- KSP 제안 키워드
- Information and communication, Instruction sets, Malware detection, Network flow, Portable Executable, Real-world, Simple algorithm, Transition patterns, Transition probability matrix, code recognition