Abstract: As variants of malicious code have made it difficult and complicated to detect possible threats on the Internet, analyzing malware correctly and in a timely manner is one of the most important challenges. It has also been observed that both static analysis and dynamic analysis are needed to detect malware correctly. In this paper, we define a bit vector to characterize a binary code and utilize it for static malware analysis. Since each bit of the vector is organized to indicate the existence of a certain function or code block, a comparison operation on binary codes can be replaced by simple logical operations. The common features of a group of binary codes can also be captured by a bit vector, which can then be used to determine whether another binary code is similar to those of the group. Experimental results show that the bit vector can be effectively utilized for static malware analysis, and that the group bit vectors help classify malware into their appropriate groups.
Keywords: Binary code comparison; static malware analysis; bit vector representation.
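The following is an added illustration of the bit-vector idea described in the abstract; it is not the paper's own code and the paper does not specify these exact operations. It assumes that a feature is identified by a name (an imported API or a label for a code block), that a sample's bit vector is an integer whose bit i is set when feature i is present, that the group bit vector is the bitwise AND of the member vectors (the features every member shares), and that a sample is assigned to a group when it carries at least a chosen fraction of those common features. The feature universe and the samples are constructed for the example.

```python
"""Bit-vector representation of binaries for static comparison (added example,
not the paper's code). Assumptions: features are named strings, a bit vector is
an int with bit i set when feature i is present, the group vector is the AND of
its members, and the 0.8 match threshold is arbitrary."""
from typing import Dict, Iterable, List, Optional

# Constructed feature universe: the kind of thing a static pass might extract
# (imported APIs and hashed/labelled code blocks). Bit index = list position.
FEATURES: List[str] = [
    "CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
    "RegSetValueExA", "InternetOpenUrlA", "CryptEncrypt",
    "GetProcAddress", "LoadLibraryA", "block:unpack_stub", "block:keylog_loop",
]
FEATURE_INDEX: Dict[str, int] = {name: i for i, name in enumerate(FEATURES)}


def to_bitvector(features: Iterable[str]) -> int:
    """Map a sample's feature names to an int bit vector (bit i <=> feature i).
    Features outside the universe are ignored so all vectors stay comparable."""
    vec = 0
    for name in features:
        idx = FEATURE_INDEX.get(name)
        if idx is not None:
            vec |= 1 << idx
    return vec


def popcount(v: int) -> int:
    """Number of set bits (int.bit_count() on Python 3.10+)."""
    return bin(v).count("1")


def similarity(a: int, b: int) -> float:
    """Jaccard similarity of two samples using only logical ops:
    |a AND b| / |a OR b|. Two empty vectors are treated as identical."""
    union = a | b
    return popcount(a & b) / popcount(union) if union else 1.0


def group_bitvector(members: Iterable[int]) -> int:
    """Common features of a group: bitwise AND over all member vectors."""
    vec: Optional[int] = None
    for m in members:
        vec = m if vec is None else vec & m
    return 0 if vec is None else vec


def coverage(sample: int, group: int) -> float:
    """Fraction of the group's common features that the sample also has."""
    return popcount(sample & group) / popcount(group) if group else 0.0


def matches_group(sample: int, group: int, threshold: float = 0.8) -> bool:
    """Assumed decision rule: the sample belongs to the group when it carries at
    least `threshold` of the group's common features."""
    return coverage(sample, group) >= threshold


def classify(sample: int, groups: Dict[str, int], threshold: float = 0.8) -> Optional[str]:
    """Return the name of the best-covered group above the threshold, or None."""
    best_name, best_cov = None, 0.0
    for name, gvec in groups.items():
        cov = coverage(sample, gvec)
        if cov >= threshold and cov > best_cov:
            best_name, best_cov = name, cov
    return best_name


# Constructed samples: three variants of a process-injection family that share
# the injection APIs but differ in persistence/packing details.
INJECTOR_SAMPLES: Dict[str, int] = {
    "inj_a.exe": to_bitvector(["CreateRemoteThread", "WriteProcessMemory",
                               "VirtualAllocEx", "GetProcAddress", "LoadLibraryA"]),
    "inj_b.exe": to_bitvector(["CreateRemoteThread", "WriteProcessMemory",
                               "VirtualAllocEx", "RegSetValueExA", "GetProcAddress"]),
    "inj_c.exe": to_bitvector(["CreateRemoteThread", "WriteProcessMemory",
                               "VirtualAllocEx", "block:unpack_stub", "LoadLibraryA"]),
}
INJECTOR_GROUP: int = group_bitvector(INJECTOR_SAMPLES.values())  # bits 0,1,2 -> 7

# A new, unseen variant and an unrelated downloader-like sample.
NEW_VARIANT: int = to_bitvector(["CreateRemoteThread", "WriteProcessMemory",
                                 "VirtualAllocEx", "InternetOpenUrlA"])
UNRELATED: int = to_bitvector(["InternetOpenUrlA", "CryptEncrypt", "GetProcAddress"])

if __name__ == "__main__":
    print(f"group vector: {INJECTOR_GROUP:#012b}")
    print("a vs b similarity:", similarity(INJECTOR_SAMPLES["inj_a.exe"], INJECTOR_SAMPLES["inj_b.exe"]))
    print("new variant ->", classify(NEW_VARIANT, {"injector": INJECTOR_GROUP}))
    print("unrelated   ->", classify(UNRELATED, {"injector": INJECTOR_GROUP}))
```

Because the group vector is an AND, a feature present in every member but one drops out of the group signature; with a large or noisy group this can shrink the signature to nothing, so in practice one would either cluster first or keep bits that appear in most members rather than all. The pairwise similarity is a plain Jaccard index over set bits, which is one reasonable choice of the "simple logical operations" the abstract mentions but not necessarily the one the paper used.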