DY VSOR: DYNAMIC MALWARE DETECTION BASED ON EXTRACTING PATTERNS FROM VALUE SETS OF REGISTERS

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

GHIASI MAHBOOBE; Sami Ashkan; SALEHI ZAHRA

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY Year:2013 | Volume:5 | Issue:1 Page(s): 71-82

Download Full-Text

Persian Verion

View:

383

Download:

163

Cites:

Information Journal Paper

Title

DY VSOR: DYNAMIC MALWARE DETECTION BASED ON EXTRACTING PATTERNS FROM VALUE SETS OF REGISTERS

Author(s)

GHIASI MAHBOOBE | Sami Ashkan | SALEHI ZAHRA | Issue Writer Certificate

Keywords

MALWARE DETECTIONQ2

API CALLQ2

DYNAMIC ANALYSISQ2

CPU REGISTER VALUESQ2

X86 REGISTERS VALUESQ2

Abstract

To control the exponential growth of malware les, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malwares make it difficult for signature-based systems to detect sophisticated malware les. The DYNAMIC ANALYSIS or run-time behavior provides a better technique to identify the threat. In this paper, a dynamic approach is proposed in order to extract features from binaries. The run-time behavior of the binary les were found and recorded using a homemade tool that provides a controlled environment. The approach based on Dy VSoR assumes that the run-time behavior of each binary can be represented by the values of registers. A method to compute the similarity between two binaries based on the value sets of the registers is presented. Hence, the values are traced before and after invoked API CALLs in each binary and mapped to some vectors. To detect an unknown le, it is enough to compare it with dataset binaries by computing the distance between registers, content of this le and all binaries. This method could detect malicious samples with 96.1% accuracy and 4% false positive rate. The list of execution traces and the dataset are reachable at: http: //home.shirazu.ac.ir/ sami/malware.

Cites

No record.

References

No record.

Cite

APA: Copy

GHIASI, MAHBOOBE, Sami, Ashkan, & SALEHI, ZAHRA. (2013). DY VSOR: DYNAMIC MALWARE DETECTION BASED ON EXTRACTING PATTERNS FROM VALUE SETS OF REGISTERS. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 5(1 ), 71-82. SID. https://sid.ir/paper/241813/en

Vancouver: Copy

GHIASI MAHBOOBE, Sami Ashkan, SALEHI ZAHRA. DY VSOR: DYNAMIC MALWARE DETECTION BASED ON EXTRACTING PATTERNS FROM VALUE SETS OF REGISTERS. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY[Internet]. 2013;5(1 ):71-82. Available from: https://sid.ir/paper/241813/en

IEEE: Copy

MAHBOOBE GHIASI, Ashkan Sami, and ZAHRA SALEHI, “DY VSOR: DYNAMIC MALWARE DETECTION BASED ON EXTRACTING PATTERNS FROM VALUE SETS OF REGISTERS,” THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, vol. 5, no. 1 , pp. 71–82, 2013, [Online]. Available: https://sid.ir/paper/241813/en

Related Journal Papers