
Static Signature-Based Malware Detection Using Opcode and Binary Information

Conference paper in: Data Science: From Research to Application (CiDaS 2019)

Abstract

The Internet continues to evolve and touches every aspect of our daily life, so communication over the Internet has become inevitable. Computer security has therefore become one of the major concerns of Internet users. Malware (malicious software) is harmful code that poses a security threat to infected machines, so malware detection has become one of the most important research topics in computer security. Malware detection methods can be categorized into signature-based and behavior-based methods, each of which can be performed in a static or dynamic manner. In this paper, we describe a static signature-based malware detection method based on opcode and binary file signatures. The proposed method is based on N-gram distributions and is improved with a proposed Top-K approach, which classifies a new unknown file by selecting the K most similar known files. The results are evaluated on VXHeaven malware binaries, with Windows system files used as the repository of benign binaries.
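The abstract describes the classifier at a high level: build an N-gram distribution per file and label an unknown file from its K most similar known files. The following Python block is an added example, not code from the paper or its authors, that shows one way such a pipeline fits together. It uses byte bigrams rather than disassembled opcodes (an opcode stream would need a disassembler; the distribution and Top-K steps are identical), cosine similarity as the distance measure, and a majority vote among the K neighbours with summed similarity as a tie-break. The similarity measure, the value of K, and the tie-break rule are assumptions; the paper does not state which it uses. The repository samples are constructed byte sequences standing in for real binaries.

```python
from collections import Counter
import math

# Constructed "binaries": two families that share a repeated byte pattern.
# These are placeholders for the opcode/byte streams of real files.
_MAL_PATTERN = b"\x01\x02\x03\x04"
_BEN_PATTERN = b"\xa0\xb0\xc0\xd0"

REPOSITORY = [  # (label, bytes) pairs standing in for labelled training files
    ("malware", _MAL_PATTERN * 8 + b"\x90\x90"),
    ("malware", _MAL_PATTERN * 6 + b"\xcc\xcc\xcc"),
    ("malware", _MAL_PATTERN * 7 + b"\x31\xc0"),
    ("benign", _BEN_PATTERN * 8 + b"\xc3"),
    ("benign", _BEN_PATTERN * 6 + b"\x00\x00"),
    ("benign", _BEN_PATTERN * 7 + b"\xff\xfe"),
]

UNKNOWN_MALWARE = _MAL_PATTERN * 5 + b"\xff"   # constructed: resembles the malware family
UNKNOWN_BENIGN = _BEN_PATTERN * 5 + b"\x90"    # constructed: resembles the benign family


def ngram_distribution(data: bytes, n: int = 2) -> dict:
    """Return the normalised n-gram frequency distribution of a byte sequence.

    Each key is an n-byte slice; each value is that slice's share of all
    overlapping n-grams in the input, so the values sum to 1.0.
    """
    if len(data) < n:
        return {}
    counts = Counter(data[i:i + n] for i in range(len(data) - n + 1))
    total = sum(counts.values())
    return {gram: count / total for gram, count in counts.items()}


def cosine_similarity(p: dict, q: dict) -> float:
    """Cosine similarity between two sparse distributions (0.0 if either is empty)."""
    dot = sum(value * q.get(gram, 0.0) for gram, value in p.items())
    norm_p = math.sqrt(sum(v * v for v in p.values()))
    norm_q = math.sqrt(sum(v * v for v in q.values()))
    if norm_p == 0.0 or norm_q == 0.0:
        return 0.0
    return dot / (norm_p * norm_q)


def top_k_classify(unknown: bytes, repository, k: int = 3, n: int = 2):
    """Label `unknown` from its k most similar repository files.

    Returns (label, neighbours) where neighbours is the list of
    (similarity, label) pairs for the k nearest known files, best first.
    Majority vote decides the label; ties fall to the label whose
    neighbours have the larger summed similarity (assumed tie-break).
    """
    unknown_dist = ngram_distribution(unknown, n)
    scored = sorted(
        ((cosine_similarity(unknown_dist, ngram_distribution(data, n)), label)
         for label, data in repository),
        key=lambda pair: pair[0],
        reverse=True,
    )
    neighbours = scored[:k]
    votes = Counter(label for _, label in neighbours)
    weight = {}
    for sim, label in neighbours:
        weight[label] = weight.get(label, 0.0) + sim
    best = max(votes, key=lambda label: (votes[label], weight[label]))
    return best, neighbours


def classify_file(path: str, repository=REPOSITORY, k: int = 3, n: int = 2):
    """Convenience wrapper: read a file from disk and classify its raw bytes."""
    with open(path, "rb") as fh:
        return top_k_classify(fh.read(), repository, k, n)


if __name__ == "__main__":
    for name, sample in (("unknown-1", UNKNOWN_MALWARE), ("unknown-2", UNKNOWN_BENIGN)):
        label, neighbours = top_k_classify(sample, REPOSITORY, k=3)
        print(name, "->", label)
        for sim, nb_label in neighbours:
            print(f"    {nb_label:8s} similarity={sim:.3f}")
```

Because the distribution is computed over the bytes as they sit on disk, a packed or encrypted sample contributes the packer stub's n-grams rather than the payload's; in practice such files are unpacked before their signature is taken, and a benign repository should contain samples of the same packers so that the classifier does not learn "packed" as a synonym for "malicious".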



Corresponding author: Azadeh Jalilian


Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Jalilian, A., Narimani, Z., Ansari, E. (2020). Static Signature-Based Malware Detection Using Opcode and Binary Information. In: Bohlouli, M., Sadeghi Bigham, B., Narimani, Z., Vasighi, M., Ansari, E. (eds) Data Science: From Research to Application. CiDaS 2019. Lecture Notes on Data Engineering and Communications Technologies, vol 45. Springer, Cham. https://doi.org/10.1007/978-3-030-37309-2_3
