Detection of New Malicious Code Using N-grams Signatures

13 years 6 months ago

Download dev.hil.unb.ca

Signature-based malicious code detection is the standard technique in all commercial anti-virus software. This method can detect a virus only after the virus has appeared and caused damage. Signature-based detection performs poorly when attempting to identify new viruses. Motivated by the standard signature-based technique for detecting viruses, and a recent successful text classification method, n-grams analysis, we explore the idea of automatically detecting new malicious code. We employ n-grams analysis to automatically generate signatures from malicious and benign software collections. The n-gramsbased signatures are capable of classifying unseen benign and malicious code. The datasets used are large compared to earlier applications of n-grams analysis.

Tony Abou-Assaleh, Nick Cercone, Vlado Keselj, Ray

Real-time Traffic

Malicious Code | Malicious Code Detection | N-grams Analysis | PST 2004 | PST 2008 |

claim paper

» MEF Malicious Email Filter A UNIX Mail Filter That Detects Malicious Windows Executables

» NGramBased Detection of New Malicious Code

» Detection and analysis of drivebydownload attacks and malicious JavaScript code

» An Architecture for KernelLevel Verification of Executables at Run Time

» MetaAware Identifying Metamorphic Malware

» Malicious Shellcode Detection with Virtual Memory Snapshots

» Lurking in the Shadows Identifying Systemic Threats to Kernel Data

» Using Verification Technology to Specify and Detect Malware

Post Info
More Details (n/a)

Added	31 Oct 2010
Updated	31 Oct 2010
Type	Conference
Year	2004
Where	PST
Authors	Tony Abou-Assaleh, Nick Cercone, Vlado Keselj, Ray Sweidan

Comments (0)

Sciweavers

Detection of New Malicious Code Using N-grams Signatures

Malicious Code | Malicious Code Detection | N-grams Analysis | PST 2004 | PST 2008 |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers