Using Markov chains to filter machine-morphed variants of malicious programs.
MALWARE 2008: Proceedings of the 2008 3rd International Conference on Malicious and Unwanted Software (2008)
Abstract
Of the enormous quantity of malicious programs seen in the wild, most are variations of previously seen programs. Automated program transformation tools (i.e., code morphers) are one of the ways of making such variants in volume. This paper proposes a Markov chain-based framework for fast, approximate detection of variants of known morphers wherein every morphing operation independently and predictably alters quickly-checked global program properties. Specifically, identities from Markov chain theory are applied to approximately determine whether a given program may be a variant created from some given previous program, or whether it definitely is not. The framework is used to define a method for finding telltale signs of the use of closed-world, instruction-substituting transformers within the frequencies of instruction forms found in a program. This decision method may yield a fast technique to aid malware detection.
Keywords
Markov chains, Markov processes, engines, mathematical model, filtering, Markov chain, production, probabilistic logic