Control Flow Change in Assembly as a Classifier in Malware Analysis

Files in This Item:
 File SizeFormat
Download42_ISDFS16_CFC_AA.pdf368.62 kBAdobe PDF
Title: Control Flow Change in Assembly as a Classifier in Malware Analysis
Authors: Linke, AndreeLe-Khac, Nhien-An
Permanent link:
Date: 27-Apr-2016
Online since: 2016-05-17T14:49:04Z
Abstract: As currently classical malware detection methods based on signatures fail to detect new malware, they are not always efficient with new obfuscation techniques. Besides, new malware is easily created and old malware can be recoded to produce new one. Therefore, classical Antivirus becomes consistently less effective in dealing with those new threats. Also malware gets hand tailored to bypass network security and Antivirus. But as analysts do not have enough time to dissect suspected malware by hand, automated approaches have been developed. To cope with the mass of new malware, statistical and machine learning methods proved to be a good approach classifying programs, especially when using multiple approaches together to provide a l ikelihood of software b e ing malicious. In normal approach, some steps have been taken, mostly by analyzing the opcodes or mnemonics of disassembly and their distribution. In this paper, we focus on the control flow change (CFC) itself and finding out if it is significant to detect malware. In the scope of this work, only relative control flow changes are contemplated, as these are easier to extract from the first chosen disassembler library and are within a range of 256 addresses. These features are analyze d as a raw feature, as n-grams of length 2, 4 and 6 and the even more abstract feature of the occurrences of the n-grams is used. Statistical methods were used as well as the Naïve-Bayes algorithm to find out if there is significant data in CFC. We also test our approach with real-world datasets.
Type of material: Conference Publication
Publisher: IEEE
Copyright (published version): 2016 IEEE
Keywords: Malware analysisControl flow changeNaïve-Bayes analysisn-gram signatures
DOI: 10.1109/ISDFS.2016.7473514
Other versions:
Language: en
Status of Item: Peer reviewed
Conference Details: 2016 4th IEEE International Symposium on Digital Forensics and Security (ISDFS), Arkansas, USA, 25 - 27 April 2016
This item is made available under a Creative Commons License:
Appears in Collections:Computer Science Research Collection

Show full item record

Citations 50

Last Week
Last month
checked on Sep 12, 2020

Page view(s)

Last Week
Last month
checked on Jan 23, 2022

Download(s) 50

checked on Jan 23, 2022

Google ScholarTM



If you are a publisher or author and have copyright concerns for any item, please email and the item will be withdrawn immediately. The author or person responsible for depositing the article will be contacted within one business day.