Abstract
The number of malware samples grows steadily and is already far too large for analysts to examine manually, so many researchers are working on automatic malware analysis, and a large number of algorithms have resulted. The representative example is the behavior-based automatic malware analysis system, such as BitBlaze [1] and Anubis [2]. However, the results of behavior-based analysis alone are not sufficient; for more detailed analysis and more advanced automatic analysis features, an automatic static analysis engine is also necessary. Some projects therefore apply an automatic static analysis engine, and research on automatic static analysis continues. These analysis methods use the structural characteristics of malware, which exist because malware is also software: toolkits exist for generating malware, and malware authors reuse code. For automatic static analysis it is therefore very useful for the static analysis engine to exploit these structural characteristics. However, previous research has problems, for example with performance, false positives, and detection ratio. We therefore describe another method that uses the structural characteristics of malware.
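To make the idea of "structural characteristic" concrete, the following is an added toy example (not the paper's algorithm or code) of the general class of technique the abstract describes: a control flow graph is reduced to a structural signature and two graphs are compared with the edit distance of their signatures (edit distance is reference [3]). The CFG representation (dict of block id to successor ids, entry block 0), the out-degree-in-DFS-order signature, the similarity threshold and the three sample graphs are all assumptions constructed for this illustration.

```python
"""Added example: CFG structural similarity via edit distance (hypothetical toy, not the paper's method)."""
from typing import Dict, List, Tuple

# A CFG is modelled as block id -> list of successor block ids; block 0 is the entry.
CFG = Dict[int, List[int]]


def signature(cfg: CFG, entry: int = 0) -> List[int]:
    """Structural signature: out-degree of each block in depth-first order from the entry.

    Block addresses and instruction bytes are deliberately ignored, so renaming,
    relocation or re-ordering of unrelated code does not change the signature.
    """
    seen = set()
    order: List[int] = []
    stack = [entry]
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        succs = cfg.get(node, [])
        order.append(len(succs))
        stack.extend(reversed(succs))  # visit the first successor first
    return order


def edit_distance(a: List[int], b: List[int]) -> int:
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (x != y)))
        prev = cur
    return prev[-1]


def similarity(g1: CFG, g2: CFG) -> float:
    """1.0 for identical structure, 0.0 for completely different signatures."""
    s1, s2 = signature(g1), signature(g2)
    longest = max(len(s1), len(s2), 1)
    return 1.0 - edit_distance(s1, s2) / longest


def classify(sample: CFG, families: Dict[str, CFG], threshold: float = 0.7) -> Tuple[str, float]:
    """Assign the sample to the most similar known family, or 'unknown' below the threshold."""
    best_name, best_score = "unknown", 0.0
    for name, reference in families.items():
        score = similarity(sample, reference)
        if score > best_score:
            best_name, best_score = name, score
    return (best_name, best_score) if best_score >= threshold else ("unknown", best_score)


# Constructed sample graphs (assumed, not taken from any real sample).
FAMILY_A: CFG = {0: [1, 2], 1: [3], 2: [3], 3: []}            # diamond: if/else then join
VARIANT_A: CFG = {0: [4, 2], 4: [1], 1: [3], 2: [3], 3: []}   # same shape plus one padding block
FAMILY_B: CFG = {0: [1], 1: [2], 2: [1, 3], 3: [4], 4: []}    # loop followed by a chain

KNOWN_FAMILIES = {"familyA": FAMILY_A, "familyB": FAMILY_B}

if __name__ == "__main__":
    print("signature(FAMILY_A) =", signature(FAMILY_A))
    print("VARIANT_A vs FAMILY_A:", similarity(VARIANT_A, FAMILY_A))
    print("VARIANT_A vs FAMILY_B:", similarity(VARIANT_A, FAMILY_B))
    print("classify(VARIANT_A) =", classify(VARIANT_A, KNOWN_FAMILIES))
```

The padded variant keeps a high score against its own family because a single inserted block costs one edit in the signature, while the unrelated loop-shaped graph scores low; in a real engine the signature would be richer (instruction classes, call targets, in-degrees) and the threshold tuned on labelled data, since an out-degree sequence alone is cheap to imitate and produces false positives on small functions.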
References
[1] BitBlaze: Binary Analysis for Computer Security, http://bitblaze.cs.berkeley.edu/
[2] Anubis: Analyzing Unknown Binaries, http://anubis.iseclab.org/
[3] Edit distance, http://en.wikipedia.org/wiki/Edit_distance
[4] Goldberg, L.A., Goldberg, P.W., Phillips, C.A., Sorkin, G.B.: Constructing computer virus phylogenies. Journal of Algorithms 26(1), 188–208 (1998)
[5] Wehner, S.: Analyzing worms using compression (2004)
[6] Carrera, E., Erdélyi, G.: Digital genome mapping – advanced binary malware analysis. In: Proc. Virus Bull. Int. Conf., pp. 187–197 (September 2004)
[7] Karim, E., Walenstein, A., Lakhotia, A., Parida, L.: Malware phylogeny using maximal p-patterns. In: Proceedings of the EICAR 2005 Conference, pp. 167–174 (April–May 2005)
[8] Kang, M.G., Poosankam, P., Yin, H.: Renovo: A hidden code extractor for packed executables. In: Workshop on Recurring Malcode, pp. 46–53 (2007)
[9] Gheorghescu, M.: An Automated Virus Classification System. In: Virus Bulletin Conference (2005)
[10] Cesare, S., Xiang, Y.: Classification of Malware Using Structured Control Flow. In: Proc. 8th Australasian Symposium on Parallel and Distributed Computing (2010)
[11] Krügel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic Worm Detection Using Structural Information of Executables. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 207–226. Springer, Heidelberg (2006)
[12] Trinius, P.: Visual Analysis of Malware Behavior Using Treemaps and Thread Graphs. In: VizSec 2009, pp. 33–38 (2009)
[13] Quist, D.A.: Visualizing Compiled Executables for Malware Analysis. In: VizSec 2009, pp. 27–32 (2009)
[14] Zubair Shafiq, M.: PE-probe: leveraging packer detection and structural information to detect malicious portable executables. In: VB 2009 (2009)
[15] Kaczmarek, M.: Architecture of a Morphological Malware Detector. Journal in Computer Virology (2008)
[16] Vinod, P.: Static CFG analyzer for metamorphic. In: PIN 2009 (2009)
[17] Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: BitBlaze: A new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 1–25. Springer, Heidelberg (2008)
[18] Dullien, T., Rolles, R., Bochum, R.-U.: Graph-based comparison of executable objects (2005)
[19] Sabin, T.: Comparing Binaries with Graph Isomorphisms (2004)
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Shin, D., Lee, K., Won, D. (2011). Malware Variant Detection and Classification Using Control Flow Graph. In: Lee, G., Howard, D., Ślęzak, D. (eds) Convergence and Hybrid Information Technology. ICHIT 2011. Communications in Computer and Information Science, vol 206. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24106-2_23
DOI: https://doi.org/10.1007/978-3-642-24106-2_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24105-5
Online ISBN: 978-3-642-24106-2