Network-based Executable File Extraction and Analysis for Malware Detection

Byoungkoo Kim, Ikkyun Kim, Tai-Myoung Chung

2012

Abstract

The damage caused by computer viruses has grown steadily over time, so methodologies for protecting computer systems from new malicious software are being actively studied. In this paper, we present a network-based executable file extraction and analysis technique for malware detection. Executable files are first extracted from network traffic by executable-specific session tracking and pattern matching implemented in reconfigurable hardware. Malware detection is then performed by clustering analysis of the extracted executable, which is divided into many regions: the byte distribution of each region is compared with those of known malicious and normal executables, and the file is classified by its similarity to each group. The proposed technique can detect not only known malicious software but also unknown malicious software. Unlike existing host-based anti-virus techniques, it uses network packets as its analysis source, and it can detect malicious software without complex instruction-level analysis. Our approach therefore minimises the load on the end system, at the cost of additional network packet processing.
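The two steps the abstract describes, carving an executable out of a captured session and labelling it by the byte distribution of its regions, are worked through below as an added example; this is not the authors' code, and the paper does not fix the parameters, so the number of regions (8), the use of single-byte histograms, the Manhattan distance and the nearest-centroid rule are assumptions. The PE-shaped files, the "HTTP" capture and the two training sets are constructed inside the script; the "malicious" class is modelled as a packed or encrypted payload with near-uniform bytes, which is a common heuristic but not something the abstract states.

```python
"""Added example (not the authors' code): carve an executable out of a captured
payload, then label it by the byte distribution of each of its regions.  Assumed
because the abstract does not fix them: 8 equal regions, 1-gram histograms,
Manhattan distance, nearest class centroid.  All inputs are constructed here."""
import random
import struct

NUM_REGIONS = 8       # assumption: the abstract says only "many regions"
FILE_SIZE = 8192      # size of every constructed sample executable
HDR_SIZE = 0x80       # DOS header + COFF header + one section header
SECTION_HDR = 40      # sizeof(IMAGE_SECTION_HEADER)


def carve_pe(stream):
    """Return the PE image embedded in `stream`, or None.  Follows each 'MZ'
    candidate's e_lfanew to 'PE\\0\\0' and sizes the file as the end of the last
    section's raw data, so a truncated session (or no executable) yields None."""
    off = stream.find(b"MZ")
    while off != -1:
        if off + 0x40 <= len(stream):
            e_lfanew = struct.unpack_from("<I", stream, off + 0x3C)[0]
            pe = off + e_lfanew
            if (0 < e_lfanew < 0x1000 and pe + 24 <= len(stream)
                    and stream[pe:pe + 4] == b"PE\0\0"):
                nsect, = struct.unpack_from("<H", stream, pe + 6)
                opt_size, = struct.unpack_from("<H", stream, pe + 20)
                table, end = pe + 24 + opt_size, 0
                for i in range(nsect):
                    base = table + SECTION_HDR * i
                    if base + SECTION_HDR > len(stream):
                        return None
                    raw_size, raw_ptr = struct.unpack_from("<II", stream, base + 16)
                    end = max(end, raw_ptr + raw_size)
                return stream[off:off + end] if end and off + end <= len(stream) else None
        off = stream.find(b"MZ", off + 1)
    return None


def region_histograms(data, regions=NUM_REGIONS):
    """One normalised 256-bin byte histogram per equal-sized region."""
    n, profile = len(data), []
    for r in range(regions):
        chunk = data[r * n // regions:(r + 1) * n // regions]
        counts = [0] * 256
        for b in chunk:
            counts[b] += 1
        profile.append([c / (len(chunk) or 1) for c in counts])
    return profile


def distance(p, q):
    """Manhattan distance between two region profiles (assumed metric)."""
    return sum(abs(a - b) for rp, rq in zip(p, q) for a, b in zip(rp, rq))


def centroid(profiles):
    """Per-region, per-bin mean of a set of same-class profiles."""
    k = len(profiles)
    return [[sum(p[r][i] for p in profiles) / k for i in range(256)]
            for r in range(len(profiles[0]))]


def classify(data, normal_c, malicious_c):
    """Nearest-centroid label for a carved executable."""
    prof = region_histograms(data)
    return "malicious" if distance(prof, malicious_c) < distance(prof, normal_c) else "normal"


def build_pe_like(section):
    """Constructed minimal PE-shaped file: MZ header, e_lfanew -> 'PE\\0\\0', one section."""
    hdr = bytearray(HDR_SIZE)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                    # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x40 + 6, 1)                    # NumberOfSections
    struct.pack_into("<H", hdr, 0x40 + 20, 0)                   # SizeOfOptionalHeader (omitted)
    sect = 0x40 + 24
    hdr[sect:sect + 8] = b".text\0\0\0"
    struct.pack_into("<II", hdr, sect + 16, len(section), HDR_SIZE)  # SizeOfRawData, PointerToRawData
    return bytes(hdr) + section


def make_section(rng, packed, size=FILE_SIZE - HDR_SIZE):
    """Constructed body: `packed` mimics an encrypted payload (near-uniform bytes),
    otherwise a skewed, code- and text-like mix."""
    if packed:
        return bytes(rng.randrange(256) for _ in range(size))
    alphabet = bytes(range(0x20, 0x40))
    return bytes(rng.choice(alphabet) if rng.random() < 0.6 else 0 for _ in range(size))


def sample_file(seed, packed):
    return build_pe_like(make_section(random.Random(seed), packed))


def train(seed=1, per_class=5):
    """Reference centroids from constructed normal and malicious training sets."""
    rng = random.Random(seed)
    normal = [region_histograms(build_pe_like(make_section(rng, False))) for _ in range(per_class)]
    malicious = [region_histograms(build_pe_like(make_section(rng, True))) for _ in range(per_class)]
    return centroid(normal), centroid(malicious)


# Constructed capture: an HTTP response carrying the executable, plus trailing bytes.
SAMPLE_PE = sample_file(42, packed=True)
SAMPLE_STREAM = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
                 + SAMPLE_PE + b"\r\n0\r\n\r\n")
```

To run it, call `train()` for the two centroids, `carve_pe(SAMPLE_STREAM)` to recover the file from the capture, and `classify(...)` on the result. The carver deliberately refuses a session that ends before the last section's raw data, which is the failure mode a network-based extractor has to handle and a host-based scanner never sees; the region split is what lets a file with one packed section stand out even when its other regions look ordinary.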



Paper Citation


in Harvard Style

Kim B., Kim I. and Chung T. (2012). Network-based Executable File Extraction and Analysis for Malware Detection. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 430-433. DOI: 10.5220/0004126104300433


in Bibtex Style

@conference{secrypt12,
author={Byoungkoo Kim and Ikkyun Kim and Tai-Myoung Chung},
title={Network-based Executable File Extraction and Analysis for Malware Detection},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={430-433},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004126104300433},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Network-based Executable File Extraction and Analysis for Malware Detection
SN - 978-989-8565-24-2
AU - Kim B.
AU - Kim I.
AU - Chung T.
PY - 2012
SP - 430
EP - 433
DO - 10.5220/0004126104300433