Tang, Hong Ying (2010) A new approach to malware detection. Masters thesis, Concordia University.
Abstract
Malware is a type of malicious program and one of the most common and serious forms of attack on the Internet. Attackers widely apply obfuscating transformations to malware, which makes malware detection a more challenging problem. There has been extensive research on detecting obfuscated malware. A promising research direction uses both the control-flow graph (CFG) and the instruction classes of basic blocks as the signature of malware. This direction is robust against certain obfuscations, such as variable substitution and instruction reordering. However, using only instruction classes to identify obfuscated basic blocks causes high false-positive and false-negative rates. In this thesis, following the same research direction, we propose an improved approach to detecting obfuscated malware. In addition to the CFG, our approach also uses the functionalities of basic blocks as the signature of malware. Specifically, our contributions are as follows: 1) we design a "signature calculation algorithm" to extract the signature of a malicious code fragment; the algorithm is based on compiler optimization algorithms, but adds and integrates memory sub-variable optimization, expression formalization and cross-basic-block propagation. 2) We formalize the expressions of assignment statements to facilitate comparing the functionalities of two expressions. 3) We design a detection algorithm that decides whether a program is an obfuscated instance of a known malware; the detection algorithm compares two aspects: the CFG and the functionalities of basic blocks. 4) We implement the proposed approach and perform experiments comparing it with the previous approach.
| Field | Value |
|---|---|
| Divisions | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
| Item Type | Thesis (Masters) |
| Authors | Tang, Hong Ying |
| Pagination | xiii, 101 leaves : ill. ; 29 cm. |
| Institution | Concordia University |
| Degree Name | M.A. Sc. |
| Program | Institute for Information Systems Engineering |
| Date | 2010 |
| Thesis Supervisor(s) | Zhu, Bo |
| Identification Number | LE 3 C66I54M 2010 T36 |
| ID Code | 979350 |
| Deposited By | Concordia University Library |
| Deposited On | 09 Dec 2014 17:57 |
| Last Modified | 13 Jul 2020 20:12 |