ETRI-Knowledge Sharing Platform

Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
Cited 2 times in Scopus
Authors
Ik Kyun Kim, Koo Hong Kang, Yang Seo CHOI, Dae Won Kim, Jin Tae Oh, Jong Soo Jang, Ki Jun Han
Issue Date
2008-07
Citation
IEICE Transactions on Information and Systems, v.E91-D, no.7, pp.2076-2078
ISSN
0916-8532
Publisher
Japan, Institute of Electronics, Information and Communication Engineers (IEICE)
Language
English
Type
Journal Article
DOI
https://dx.doi.org/10.1093/ietisy/e91-d.7.2076
Abstract
The ability to quickly recognize executable code inside network flows is a prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. We then propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is promising enough to use in the real world. Copyright © 2008 The Institute of Electronics, Information and Communication Engineers.
KSP Keywords
Information and communication, Instruction sets, Malware detection, Network flow, Portable Executable, Real-world, Simple algorithm, Transition patterns, Transition probability matrix, code recognition