Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
HICSS
2010
IEEE
2010
IEEE
Concurrent Architecture for Automated Malware Classification
This paper introduces a new architecture for automating the generalization of program structure and the recognition of common patterns in the area of malware analysis. By using massively parallel processing on large malware program sets we can recognize common code sequences, such as loop constructs, if-then-else structures, and subroutine calls. We can also recognize common subroutine sequences. The Concordia architecture generalizes the recognized elements so they can be collected into invariant forms. The invariant forms can be used by the analyst to understand the program being analyzed. The invariant forms can also be used to classify large numbers of programs automatically. Motivation Current practice in malware analysis uses our most expensive resource, namely the analyst, to analyze programs one at a time. The large volume of malicious programs is rapidly overwhelming our ability to analyze malware in a timely manner. The analyst has few tools to automatically classify a parti...
Real-time Traffic| Added | 17 May 2010 |
| Updated | 17 May 2010 |
| Type | Conference |
| Year | 2010 |
| Where | HICSS |
| Authors | Timothy Daly, Luanne Burns |
Comments (0)
Researcher Info
|
