Authors: Byoungkoo Kim 1 ; Ikkyun Kim 2 and Tai-Myoung Chung 3

Affiliations: 1 Electronics and Telecommunications Research Institute and Sungkyunkwan University, Korea, Republic of ; 2 Electronics and Telecommunications Research Institute, Korea, Republic of ; 3 Sungkyunkwan University, Korea, Republic of

ISBN: 978-989-8565-24-2

ISSN: 2184-2825

Keyword(s): Network Packet, Malware Detection, Region Analysis, Executable File.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Network Security ; Secure Software Development Methodologies ; Security in Information Systems ; Security Information Systems Architecture and Design and Security Patterns ; Wireless Network Security

Abstract: The damage caused by computer viruses tends to increase over time. Therefore, various methodologies for protecting computer systems from the threats of new malicious software are being actively studied. In this paper, we present a network-based executable file extraction and analysis technique for malware detection. Here, executable file extraction is performed by executable-file-specific session and pattern matching in reconfiguring hardware. Next, malware detection is performed by a clustering analysis technique applied to an executable file that is divided into many regions. In other words, it detects malware by measuring the byte distribution similarity between malicious executable files and normal executable files. The proposed technique can detect not only known malicious software but also unknown malicious software. Most of all, it uses network packets as the analysis source, unlike existing host anti-virus techniques. Besides, the proposed detection technique can easily detect malicious software without complicated command analysis. Therefore, our approach can minimize the load on system execution despite the additional load of network packet processing.

CC BY-NC-ND 4.0


Paper citation in several formats:
Kim, B.; Kim, I. and Chung, T. (2012). Network-based Executable File Extraction and Analysis for Malware Detection. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012), ISBN 978-989-8565-24-2, ISSN 2184-2825, pages 430-433. DOI: 10.5220/0004126104300433

@conference{secrypt12,
author={Byoungkoo Kim and Ikkyun Kim and Tai{-}Myoung Chung},
title={Network-based Executable File Extraction and Analysis for Malware Detection},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={430-433},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004126104300433},
isbn={978-989-8565-24-2},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Network-based Executable File Extraction and Analysis for Malware Detection
SN - 978-989-8565-24-2
AU - Kim, B.
AU - Kim, I.
AU - Chung, T.
PY - 2012
SP - 430
EP - 433
DO - 10.5220/0004126104300433
