Black et al., 2019 - Google Patents
Evolved similarity techniques in malware analysis (Black et al., 2019)
- Document ID
- 7670005048630464971
- Author
- Black P
- Gondal I
- Vamplew P
- Lakhotia A
- Publication year
- Publication venue
- 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Snippet
Malware authors are known to reuse existing code; this development process results in software evolution and a sequence of versions of a malware family containing functions that show a divergence from the initial version. This paper proposes the term evolved similarity to …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformations of program code
- G06F8/41—Compilation
- G06F8/43—Checking; Contextual analysis
- G06F8/436—Semantic checking
- G06F8/437—Type checking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Update
- G06F8/68—Incremental; Differential
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/75—Structural analysis for program understanding
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30286—Information retrieval; Database structures therefor; File system structures therefor in structured data stores
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F19/00—Digital computing or data processing equipment or methods, specially adapted for specific applications
- G06F19/10—Bioinformatics, i.e. methods or systems for genetic or protein-related data processing in computational molecular biology
- G06F19/22—Bioinformatics, i.e. methods or systems for genetic or protein-related data processing in computational molecular biology for sequence comparison involving nucleotides or amino acids, e.g. homology search, motif or SNP [Single-Nucleotide Polymorphism] discovery or sequence alignment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Haq et al. | | A survey of binary code similarity |
| Yuan et al. | | B2sfinder: Detecting open-source software reuse in cots software |
| Li et al. | | Vulpecker: an automated vulnerability detection system based on code similarity analysis |
| Eschweiler et al. | | Discovre: Efficient cross-architecture identification of bugs in binary code. |
| Khoo et al. | | Rendezvous: A search engine for binary code |
| David et al. | | Tracelet-based code search in executables |
| Shirani et al. | | Binshape: Scalable and robust binary library function identification using function shape |
| Schwartz et al. | | Using logic programming to recover c++ classes and methods from compiled executables |
| US9330095B2 (en) | | Method and system for matching unknown software component to known software component |
| Cesare et al. | | Software similarity and classification |
| Hu et al. | | Cross-architecture binary semantics understanding via similar code comparison |
| Qiu et al. | | Library functions identification in binary code by using graph isomorphism testings |
| JP2017519300A (en) | | System and method for software analytics |
| Pagani et al. | | Autoprofile: Towards automated profile generation for memory analysis |
| Black et al. | | Evolved similarity techniques in malware analysis |
| Sudhamani et al. | | Code similarity detection through control statement and program features |
| Benoit et al. | | Scalable program clone search through spectral analysis |
| Gribkov et al. | | Analysis of decompiled program code using abstract syntax trees |
| Alrabaee et al. | | Binary analysis overview |
| Zhan et al. | | Ps3: Precise patch presence test based on semantic symbolic signature |
| Wang et al. | | Are we there yet? filling the gap between binary similarity analysis and binary software composition analysis |
| KR101583133B1 (en) | | Method for evaluating software similarity using stack and apparatus therefor |
| Alam et al. | | Droidclone: Attack of the android malware clones-a step towards stopping them |
| Liu et al. | | Vmpbl: Identifying vulnerable functions based on machine learning combining patched information and binary comparison technique by lcs |
| Karamitas et al. | | Function matching between binary executables: efficient algorithms and features |