Concordia: a Google for malware

CSIIRW '10: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research (2010)

Abstract
This paper introduces a new architecture for automating the generalization of program structure and the recognition of common patterns. By using massively parallel processing on large program sets we can recognize common code sequences such as loop constructs, if-then-else structures, and subroutine calls. We can also recognize common library sequences. The Concordia architecture generalizes the recognized elements so they can be collected into invariant forms. The invariant forms can be used by the analyst to understand the program being analyzed. The invariant forms can also be used to classify large numbers of programs automatically.
Keywords
program structure, if-then-else structure, new architecture, large number, common code, invariant form, large program, common library sequence, common pattern, concordia architecture, malware, machine learning