
Malware Variant Detection and Classification Using Control Flow Graph

  • Conference paper
Convergence and Hybrid Information Technology (ICHIT 2011)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 206)

Abstract

The number of malware samples grows steadily and is already far too large for analysts to examine manually, so many researchers are working on automatic malware analysis, and this research has produced a great many algorithms. The representative example is the behaviour-based automatic malware analysis system, such as BitBlaze [1] and Anubis [2]. However, the results of behaviour-based analysis are not sufficient. For more detailed analysis and more advanced automatic analysis features, an automatic static analysis engine is necessary; some projects already apply one, and research on automatic static analysis continues. These analysis methods use the structural characteristics of malware. The reason they can do so is that malware is also software: there are toolkits for malware generation, and malware authors reuse code. It is therefore very useful for an automatic static analysis engine to exploit the structural characteristics of malware. However, previous research has some problems, for example in performance, false positives, and detection ratio. Therefore we describe another method that uses the structural characteristics of malware.
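The abstract names the class of technique without giving its details, so the following is an added illustration of structural variant matching in the style of the cited work (control-flow graph comparison, with edit distance as in [3] used as the similarity measure). It is not the paper's own algorithm, and the toy control-flow graphs, block names and the 0.7 threshold are constructed for this example. The point it demonstrates is the one the abstract makes: when operands are stripped and only mnemonics plus graph shape are compared, a variant whose addresses, registers and constants have changed still scores close to its family, while an unrelated sample does not.

```python
"""Structural (CFG-based) variant matching with token edit distance.

Added illustration, not the paper's method: compare the control-flow
structure of binaries rather than their bytes or runtime behaviour.
All CFGs below are hand-constructed toy data.
"""
from typing import Dict, List, Tuple

# A CFG here is: block id -> (list of instruction strings, list of successor ids).
CFG = Dict[str, Tuple[List[str], List[str]]]


def mnemonic(instruction: str) -> str:
    """Keep only the opcode mnemonic: registers, immediates and addresses are
    exactly what variants and relinking change, so they are dropped."""
    return instruction.split()[0].lower()


def serialize_cfg(cfg: CFG, entry: str = "b0") -> List[str]:
    """Deterministic depth-first serialization of a CFG into a token list.
    Each block contributes its mnemonics plus a structural token giving its
    out-degree, so both instruction content and graph shape are encoded."""
    tokens: List[str] = []
    visited = set()
    stack = [entry]
    while stack:
        block = stack.pop()
        if block in visited:
            continue
        visited.add(block)
        instructions, successors = cfg[block]
        tokens.extend(mnemonic(i) for i in instructions)
        tokens.append(f"#out{len(successors)}")
        # Push in reverse so the first (fall-through) successor is explored first.
        for succ in reversed(successors):
            if succ not in visited:
                stack.append(succ)
    return tokens


def edit_distance(a: List[str], b: List[str]) -> int:
    """Levenshtein distance over token lists (classic dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ta in enumerate(a, 1):
        cur = [i]
        for j, tb in enumerate(b, 1):
            cost = 0 if ta == tb else 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost))
        prev = cur
    return prev[-1]


def similarity(cfg_a: CFG, cfg_b: CFG) -> float:
    """Normalized structural similarity in [0, 1]; 1.0 means identical serializations."""
    sa, sb = serialize_cfg(cfg_a), serialize_cfg(cfg_b)
    longest = max(len(sa), len(sb))
    return 1.0 - edit_distance(sa, sb) / longest if longest else 1.0


def classify(sample: CFG, families: Dict[str, CFG], threshold: float = 0.7) -> Tuple[str, float]:
    """Assign the sample to its most similar known family, or 'unknown' when the
    best score is below the threshold. The threshold is the knob that trades
    false positives against detection ratio, the two problems the abstract names."""
    best_name, best_score = "unknown", 0.0
    for name, ref in families.items():
        score = similarity(sample, ref)
        if score > best_score:
            best_name, best_score = name, score
    return (best_name if best_score >= threshold else "unknown"), best_score


# Constructed reference CFG for a hypothetical family "A".
FAMILY_A: CFG = {
    "b0": (["push ebp", "mov ebp, esp", "sub esp, 0x10", "cmp eax, 0"], ["b1", "b2"]),
    "b1": (["call 0x401000", "jmp 0x401030"], ["b3"]),
    "b2": (["xor eax, eax"], ["b3"]),
    "b3": (["mov esp, ebp", "pop ebp", "ret"], []),
}
# Constructed variant of "A": different registers, constants and call targets,
# plus one inserted nop; the control-flow shape is unchanged.
VARIANT_A: CFG = {
    "b0": (["push ebp", "mov ebp, esp", "sub esp, 0x20", "cmp ecx, 0"], ["b1", "b2"]),
    "b1": (["call 0x402000", "nop", "jmp 0x402040"], ["b3"]),
    "b2": (["xor ecx, ecx"], ["b3"]),
    "b3": (["mov esp, ebp", "pop ebp", "ret"], []),
}
# Constructed reference CFG for an unrelated family "B" (a decode loop).
FAMILY_B: CFG = {
    "b0": (["push ebp", "mov ebp, esp", "mov ecx, 0x10"], ["b1"]),
    "b1": (["lodsb", "xor al, 0x5a", "stosb", "loop 0x401010"], ["b1", "b2"]),
    "b2": (["pop ebp", "ret"], []),
}
FAMILIES: Dict[str, CFG] = {"A": FAMILY_A, "B": FAMILY_B}

if __name__ == "__main__":
    for label, sample in (("variant of A", VARIANT_A), ("reference B", FAMILY_B)):
        print(label, "->", classify(sample, FAMILIES))
```

The serialization order matters: because the walk is deterministic for a given graph, two samples with the same structure always serialize identically, and the edit distance then measures only the instruction-level and shape differences. A production engine would additionally normalize compiler idioms and handle packed samples (see [8]) before the graph is built.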


References

  1. BitBlaze: Binary Analysis for Computer Security, http://bitblaze.cs.berkeley.edu/
  2. Anubis: Analyzing Unknown Binaries, http://anubis.iseclab.org/
  3. Edit distance, http://en.wikipedia.org/wiki/Edit_distance
  4. Goldberg, L.A., Goldberg, P.W., Phillips, C.A., Sorkin, G.B.: Constructing computer virus phylogenies. Journal of Algorithms 26(1), 188–208 (1998)
  5. Wehner, S.: Analyzing worms using compression (2004)
  6. Carrera, E., Erdélyi, G.: Digital genome mapping – advanced binary malware analysis. In: Proc. Virus Bulletin Int. Conf., pp. 187–197 (September 2004)
  7. Karim, E., Walenstein, A., Lakhotia, A., Parida, L.: Malware phylogeny using maximal p-patterns. In: Proceedings of the EICAR 2005 Conference, pp. 167–174 (April–May 2005)
  8. Kang, M.G., Poosankam, P., Yin, H.: Renovo: A hidden code extractor for packed executables. In: Workshop on Recurring Malcode, pp. 46–53 (2007)
  9. Gheorghescu, M.: An Automated Virus Classification System. In: Virus Bulletin Conference (2005)
  10. Cesare, S., Xiang, Y.: Classification of Malware Using Structured Control Flow. In: Proc. 8th Australasian Symposium on Parallel and Distributed Computing (2010)
  11. Krügel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic Worm Detection Using Structural Information of Executables. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 207–226. Springer, Heidelberg (2006)
  12. Trinius, P.: Visual Analysis of Malware Behavior Using Treemaps and Thread Graphs. In: VizSec 2009, pp. 33–38 (2009)
  13. Quist, D.A.: Visualizing Compiled Executables for Malware Analysis. In: VizSec 2009, pp. 27–32 (2009)
  14. Zubair Shafiq, M.: PE-probe: leveraging packer detection and structural information to detect malicious portable executables. In: VB 2009 (2009)
  15. Kaczmarek, M.: Architecture of a Morphological Malware Detector. Journal in Computer Virology (2008)
  16. Vinod, P.: Static CFG analyzer for metamorphic. In: PIN 2009 (2009)
  17. Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: BitBlaze: A new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 1–25. Springer, Heidelberg (2008)
  18. Dullien, T., Rolles, R., Bochum, R.-U.: Graph-based comparison of executable objects (2005)
  19. Sabin, T.: Comparing Binaries with Graph Isomorphisms (2004)


Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shin, D., Lee, K., Won, D. (2011). Malware Variant Detection and Classification Using Control Flow Graph. In: Lee, G., Howard, D., Ślęzak, D. (eds) Convergence and Hybrid Information Technology. ICHIT 2011. Communications in Computer and Information Science, vol 206. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24106-2_23


  • DOI: https://doi.org/10.1007/978-3-642-24106-2_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24105-5

  • Online ISBN: 978-3-642-24106-2
