In this paper, we consider a method for computing the similarity of executable files, based on opcode graphs. We apply this technique to the challenging problem of metamorphic malware detection and compare the results to previous work based on hidden Markov models. In addition, we analyze the effect of various morphing techniques on the success of our…
To evade signature-based detection, metamorphic viruses transform their code before each new infection. Software similarity measures are a potentially useful means of detecting such malware. We can compare a given file to a known sample of metamorphic malware and compute their similarity—if they are sufficiently similar, we classify the file as malware of…
We examine a class of binary strings arising from considerations about stream cipher encryption: to what degree can one guarantee that the number of pairs of entries distance k apart that disagree is equal to the number that agree, for all small k? In a certain sense, a keystream with such a property achieves a degree of unpredictability. The problem is…
Metamorphic malware is capable of changing its internal structure without altering its functionality. A common signature is nonexistent in highly metamorphic malware and, consequently, such malware can remain undetected under standard signature scanning. In this paper, we apply previous work on structural entropy to the metamorphic detection problem. This…
Substitution ciphers are among the earliest methods of encryption. Examples of classic substitution ciphers include the well-known simple substitution and the less well-known homophonic substitution. Simple substitution ciphers are indeed simple, both in terms of their use and their cryptanalysis. Homophonic substitutions—in which a plaintext symbol can map…
Let $A$ be an abelian group. We call a graph $G = (V, E)$ $A$-magic if there exists a labeling $f : E(G) \to A^*$ such that the induced vertex set labeling $f^+ : V(G) \to A$, defined by $f^+(v) = \sum f(u, v)$ where $(u, v) \in E(G)$, is a constant map. In this paper, we present some algebraic properties of $A$-magic graphs. Using them, various results are obtained for…
Let $A$ be a non-trivial Abelian group. We call a graph $G = (V, E)$ $A$-magic if there exists a labeling $f : E \to A^*$ such that the induced vertex set labeling $f^+ : V \to A$, defined by $f^+(v) = \sum_{uv \in E} f(uv)$, is a constant map. In this paper, we show that $K_{k_1, k_2, \ldots, k_n}$ ($k_i \ge 2$) is $A$-magic, for all $A$ where $|A| \ge 3$.
HTTP Attack Detection using N-gram Analysis, by Adityaram Oza. Previous research has shown that byte-level analysis of HTTP traffic offers a practical solution to the problem of network intrusion detection and traffic analysis. Such an approach does not require any knowledge of applications running on web servers or any pre-processing of incoming data. In…
In this paper, a generalization of a group-magic graph is introduced and studied. Let R be a commutative ring with unity 1.