Dynamic Malware Detection by Similarity Measures Between Behavioral Profiles: an Introduction in French - CentraleSupélec
Conference paper, year: 2011

Dynamic Malware Detection by Similarity Measures Between Behavioral Profiles: an Introduction in French

Abstract

In [1] we proposed an advanced code obfuscation technique for metamorphic codes. In [2] we showed that detecting such obfuscated codes is a problem for today's classical static detection tools. In this new paper, written in French, we focus on a new dynamic detection approach that detects the variants produced by our metamorphic engine. In addition, our approach can detect unknown malware as long as its behavior is close to that of a known malware. To this end, we propose a measure of similarity between program behaviors. This measure is obtained by lossless compression of execution traces expressed as sequences of system calls. The article describes our approach in detail and provides experimental detection results, first on our own metamorphic sample codes, and secondly, more broadly, on a public database of 5000 malware samples.
No file deposited
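As an added illustration of the compression-based behavioral similarity the abstract describes (example code, not the paper's or its authors' own implementation): the normalized compression distance (NCD) is assumed here as the concrete compression-based measure, computed with zlib over system-call traces. The trace contents, profile names and threshold are constructed sample data, not taken from the paper.

```python
import zlib


def compressed_size(data: bytes) -> int:
    """Size in bytes of the DEFLATE output at the highest compression level."""
    return len(zlib.compress(data, 9))


def ncd(a: bytes, b: bytes) -> float:
    """Normalized compression distance: near 0 for almost identical inputs,
    near 1 for inputs sharing no redundancy the compressor can exploit."""
    ca, cb, cab = compressed_size(a), compressed_size(b), compressed_size(a + b)
    return (cab - min(ca, cb)) / max(ca, cb)


def trace_bytes(syscalls) -> bytes:
    """Serialise an execution trace (system-call names in order) as compressor input."""
    return ("\n".join(syscalls) + "\n").encode("ascii")


# Constructed sample traces (not from the paper): a per-iteration call pattern, repeated.
MALWARE_LOOP = ["NtOpenFile", "NtReadFile", "NtWriteFile", "NtClose",
                "NtCreateProcessEx", "NtSetValueKey"]
# Metamorphic-style variant: same actions, junk calls interleaved, different loop count.
VARIANT_LOOP = ["NtOpenFile", "NtQuerySystemTime", "NtReadFile", "NtYieldExecution",
                "NtWriteFile", "NtClose", "NtCreateProcessEx", "NtSetValueKey"]
BENIGN_LOOP = ["NtDeviceIoControlFile", "NtWaitForSingleObject", "NtReleaseMutant",
               "NtAllocateVirtualMemory", "NtFreeVirtualMemory", "NtDelayExecution"]

KNOWN_MALWARE = trace_bytes(MALWARE_LOOP * 40)
VARIANT = trace_bytes(VARIANT_LOOP * 37)
BENIGN = trace_bytes(BENIGN_LOOP * 40)

# Behavioral profiles of known programs; an unknown trace is compared against each one.
PROFILES = {"malware_family_A": KNOWN_MALWARE, "benign_service": BENIGN}


def nearest_profile(trace: bytes, profiles: dict) -> tuple:
    """Return (name, distance) of the known profile with the smallest NCD to `trace`."""
    return min(((name, ncd(trace, p)) for name, p in profiles.items()), key=lambda t: t[1])


def is_malicious(trace: bytes, profiles: dict, threshold: float) -> bool:
    """Flag the trace when its nearest profile is a malware profile within `threshold`."""
    name, dist = nearest_profile(trace, profiles)
    return name.startswith("malware") and dist <= threshold


if __name__ == "__main__":
    for label, t in [("variant", VARIANT), ("benign", BENIGN)]:
        print(label, nearest_profile(t, PROFILES))
```

The threshold that separates variants from unrelated programs has to be calibrated on a labelled corpus, as the paper does experimentally; the values here only show that a junk-call variant stays closer to its family than an unrelated trace does.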

Dates and versions

hal-00606065, version 1 (05-07-2011)

Identifiers

  • HAL Id: hal-00606065, version 1

Cite

Jean-Marie Borello, Ludovic Mé, Eric Filiol. Dynamic Malware Detection by Similarity Measures Between Behavioral Profiles: an Introduction in French. Network and Information Systems Security (SAR-SSI), May 2011, La Rochelle, France. pp.NC. ⟨hal-00606065⟩