The Scientific World Journal
Volume 2013, Article ID 671096, 8 pages
http://dx.doi.org/10.1155/2013/671096
Research Article

The Effects of Different Representations on Static Structure Analysis of Computer Malware Signatures

1School of Computing and Mathematical Sciences, Auckland University of Technology, Auckland 1010, New Zealand
2Department of Computing, Unitec Institute of Technology, Auckland 1025, New Zealand
3National Institute of Information and Communications Technology, Tokyo 184-8795, Japan

Received 26 February 2013; Accepted 14 May 2013

Academic Editors: H.-l. Liu and Y. Wang

Copyright © 2013 Ajit Narayanan et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. “World Economic Forum Global Risks 2012,” 7th edition, 2012, http://www3.weforum.org/docs/WEF_GlobalRisks_Report_2012.pdf.
  2. Symantec, “Internet security threat report: 2011 trends,” vol. 17, April 2012, http://www.symantec.com/threatreport/.
  3. F. Cohen, “Computer viruses: theory and experiments,” Computers and Security, vol. 6, no. 1, pp. 22–35, 1987.
  4. F. Cohen, “Computational aspects of computer viruses,” Computers and Security, vol. 8, no. 4, pp. 325–344, 1989.
  5. L. M. Adleman, “An abstract theory of computer viruses,” in Proceedings of the Advances in Cryptology (CRYPTO '88), pp. 354–374, Santa Barbara, Calif, USA, 1990.
  6. Z. Zuo and M. Zhou, “Some further theoretical results about computer viruses,” Computer Journal, vol. 47, no. 6, pp. 627–633, 2004.
  7. M. Christodorescu, S. Jha, S. A. Seshia, D. Song, and R. E. Bryant, “Semantics-aware malware detection,” in Proceedings of the IEEE Symposium on Security and Privacy (IEEE S and P '05), pp. 32–46, May 2005.
  8. M. D. Preda, M. Christodorescu, S. Jha, and S. Debray, “A semantics-based approach to malware detection,” in Proceedings of the 34th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '07), pp. 377–388, January 2007.
  9. S. Cesare and Y. Xiang, “Classification of malware using structured control flow,” in Proceedings of the 8th Australasian Symposium on Parallel and Distributed Computing, pp. 61–70, 2010.
  10. G. Jacob, E. Filiol, and H. Debar, “Formalization of viruses and malware through process algebras,” in Proceedings of the 5th International Conference on Availability, Reliability, and Security (ARES '10), pp. 597–602, February 2010.
  11. C. Collberg, C. Thomborson, and D. Low, “A taxonomy of obfuscating transformations,” Tech. Rep. 148, Department of Computer Science, The University of Auckland, 1997, https://researchspace.auckland.ac.nz/bitstream/handle/2292/3491/TR148.pdf.
  12. P. Beaucamps, “Advanced metamorphic techniques in computer viruses,” in Proceedings of the International Conference on Computer, Electrical, and Systems Science, and Engineering (CESSE'07), p. 8, 2007.
  13. J.-M. Borello and L. Mé, “Code obfuscation techniques for metamorphic viruses,” Journal in Computer Virology, vol. 4, no. 3, pp. 211–220, 2008.
  14. D. Spinellis, “Reliable identification of bounded-length viruses is NP-complete,” IEEE Transactions on Information Theory, vol. 49, no. 1, pp. 280–284, 2003.
  15. G. Bonfante, M. Kaczmarek, and J.-Y. Marion, “On abstract computer virology from a recursion theoretic perspective,” Journal in Computer Virology, vol. 1, no. 3-4, pp. 45–54, 2006.
  16. S. M. Sridhara and M. Stamp, “Metamorphic worm that carries its own morphing engine,” Journal of Computer Virology and Hacking Techniques, vol. 9, no. 2, pp. 49–58, 2012.
  17. N. Idika and A. P. Mathur, “A survey of malware detection techniques,” Tech. Rep. 286, Department of Computer Science, Purdue University, USA, http://www.serc.net/system/files/SERC-TR-286.pdf.
  18. Y. Robiah, S. Rahayu S, M. Zaki M, S. Shahrin, M. A. Faizal, and R. Marliza, “A new generic taxonomy on hybrid malware detection technique,” International Journal of Computer Science and Information Security, vol. 5, no. 1, pp. 56–60, 2009.
  19. Y. Fukushima, A. Sakai, Y. Hori, and K. Sakurai, “A behavior based malware detection scheme for avoiding false positive,” in Proceedings of the 6th IEEE Workshop on Secure Network Protocols (NPSec '10), pp. 79–84, October 2010.
  20. A. A. E. Elhadi, M. A. Maarof, and A. H. Osman, “Malware detection based on hybrid signature behaviour application programming interface call graph,” American Journal of Applied Sciences, vol. 9, no. 3, pp. 283–288, 2012.
  21. Q. Zhang and D. S. Reeves, “MetaAware: identifying metamorphic malware,” in Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC '07), pp. 411–420, December 2007.
  22. F. Leder, B. Steinbock, and P. Martini, “Classification and detection of metamorphic malware using value set analysis,” in Proceedings of the 4th International Conference on Malicious and Unwanted Software (MALWARE '09), pp. 39–46, October 2009.
  23. K. Griffin, S. Schneider, X. Hu, and T. Chiueh, “Automatic generation of string signatures for malware detection,” in Recent Advances in Intrusion Detection, vol. 5758 of Lecture Notes in Computer Science, pp. 101–120, Springer, Berlin, Germany, 2009.
  24. Y. Ye, T. Li, Q. Jiang, and Y. Wang, “CIMDS: adapting postprocessing techniques of associative classification for malware detection,” IEEE Transactions on Systems, Man and Cybernetics C, vol. 40, no. 3, pp. 298–307, 2010.
  25. A. Moser, C. Kruegel, and E. Kirda, “Limits of static analysis for malware detection,” in Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC '07), pp. 421–430, USA, December 2007.
  26. Y. Chen, A. Narayanan, S. Pang, and B. Tao, “Malicious software detection using multiple sequence alignment and data mining,” in Proceedings of 26th IEEE International Conference on Advanced Information Networking and Applications (AINA '12), pp. 8–14, 2012.
  27. Y. Chen, A. Narayanan, S. Pang, and B. Tao, “Multiple sequence alignment and artificial neural networks for malicious software detection,” in Proceedings of the 8th IEEE Conference on Natural Computation (ICNC '12), pp. 261–265, 2012.
  28. A. Narayanan, Y. Chen, S. Pang, and B. Tao, “The effects of different representations on malware motif identification,” in Proceedings of the International Conference on Computational Intelligence and Security (CIS '12), pp. 86–90, 2012.
  29. Y. Tang and S. Chen, “An automated signature-based approach against polymorphic internet worms,” IEEE Transactions on Parallel and Distributed Systems, vol. 18, no. 7, pp. 879–892, 2007.
  30. P. Szor, The Art of Computer Virus Research and Defense, Addison Wesley, 2005.
  31. J. Parikka, Digital Contagions. A Media Archaeology of Computer Viruses, Peter Lang, New York, NY, USA, 2007.
  32. B. Bayoglu and I. Sogukpinar, “Polymorphic worm detection using token-pair signatures,” in Proceedings of the 4th International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU '08), pp. 7–12, July 2008.
  33. T. Chen, “Intrusion detection for viruses and worms,” IEC Annual Review of Communications, vol. 57, 2004.
  34. J. Strickland, “Ten worst computer viruses of all time,” 2011, http://computer.howstuffworks.com/worst-computer-viruses1.ht.
  35. T. Xinguang, D. Miyi, S. Chunlai, and L. Xin, “Detecting network intrusions by data mining and variable-length sequence pattern matching,” Journal of Systems Engineering and Electronics, vol. 20, no. 2, pp. 405–411, 2009.
  36. D. M. Mount, Bioinformatics: Sequence and Genome Analysis, Cold Spring Harbor Laboratory Press, Cold Spring Harbor, NY, USA, 3rd edition, 2001.
  37. G. Kondrak, Algorithms for language reconstruction [Ph.D. thesis], Computer Science Department, University of Toronto, Ontario, Canada, 2002, http://www.cs.ualberta.ca/~kondrak/papers/thesis.pdf.
  38. A. Prinzie and D. Van den Poel, “Incorporating sequential information into traditional classification models by using an element/position-sensitive SAM,” Decision Support Systems, vol. 42, no. 2, pp. 508–526, 2006.
  39. Y. Chen, A. Narayanan, S. Pang, and B. Tao, “Malicious software detection using multiple sequence alignment and data mining,” in Proceedings of the IEEE International Conference on Advanced Information Networking and Applications (AINA '12), pp. 8–14, Fukuoka, Japan, March 2012.
  40. M. A. Larkin, G. Blackshields, N. P. Brown et al., “Clustal W and Clustal X version 2.0,” Bioinformatics, vol. 23, no. 21, pp. 2947–2948, 2007.
  41. Y. Chen, A. Narayanan, S. Pang, and B. Tao, “Multiple sequence alignment and artificial neural networks for malicious software detection,” in Proceedings of the 8th IEEE Conference on Natural Computation (ICNC '12), pp. 261–265, Chongqing, China, May, 2012.
  42. A. Narayanan, Y. Chen, S. Pang, and B. Tao, “The effects of different representations on malware motif identification,” in Proceedings of the International Conference on Computational Intelligence and Security (CIS '12), pp. 86–90, 2012.
  43. S. B. Needleman and C. D. Wunsch, “A general method applicable to the search for similarities in the amino acid sequence of two proteins,” Journal of Molecular Biology, vol. 48, no. 3, pp. 443–453, 1970.
  44. T. F. Smith and M. S. Waterman, “Identification of common molecular subsequences,” Journal of Molecular Biology, vol. 147, no. 1, pp. 195–197, 1981.
  45. “T-Coffee Multiple Sequence Alignment,” http://www.ebi.ac.uk/Tools/msa/tcoffee/.
  46. “Viruses and Worms Datasets collected from VX heavens,” http://www.vxheavens.com/vl.php.
  47. J. Cendrowska, “PRISM: an algorithm for inducing modular rules,” International Journal of Man-Machine Studies, vol. 27, no. 4, pp. 349–370, 1988.