• Corpus ID: 9114222

Automatic Extraction of Computer Virus Signatures

  title={Automatic Extraction of Computer Virus Signatures},
  author={Jeffrey O. Kephart and William C. Arnold},
One way that anti-virus programs identify the presence of a virus in an executable file, a boot record, or memory is by using short identifiers called signatures, which consist of sequences of bytes in the machine code of the virus. A good signature is one that is found in every object infected by the virus, but is unlikely to be found if the virus is not present; i.e. the likelihood of both false negatives and false positives must be minimized. Typically, a human expert chooses a signature for a…
Automatic Generation of String Signatures for Malware Detection
Hancock is the first string signature generation system that takes on this challenge on a large scale and features a scalable model that estimates the occurrence probability of arbitrary byte sequences in goodware programs, a set of library code identification techniques, and diversity-based heuristics that ensure the contexts in which a signature is embedded in containing malware files are similar to one another.
The paper [1] provides a rigorous proof that metamorphic viruses can bypass any signature-based detection, provided the code obfuscation has been done carefully based on a set of specified rules.
Computer Virus Detection Using Features Ranking and Machine Learning
A new method for virus detection using a combination of the voted perceptron classification algorithm and the Information Gain method, which shows 99% accuracy and detection rate, underlining the capability of the proposed method.
IMDS: intelligent malware detection system
Promising experimental results demonstrate that the accuracy and efficiency of the IMDS system outperform popular anti-virus software such as Norton AntiVirus and McAfee VirusScan, as well as previous data mining based detection systems which employed Naive Bayes, Support Vector Machine and Decision Tree techniques.
A Feature Selection and Evaluation Scheme for Computer Virus Detection
This paper presents a data mining approach that conducts an exhaustive feature search on a set of computer viruses and strives to obviate over-fitting, and evaluates the predictive power of a classifier by taking into account dependence relationships that exist between viruses.
Automated extraction of polymorphic virus signatures using abstract interpretation
A novel approach for the detection and signature extraction for a subclass of polymorphic computer viruses, using context-free grammars as viral signatures, and design a process able to extract this signature from a single sample of a virus.
Detecting a malicious executable without prior knowledge of its patterns
This study investigated the use of byte sequence frequencies to profile only benign data and found that the Gaussian model substantially outperformed the one-class SVM in its ability to distinguish malicious from benign files.
AGIS: Towards automatic generation of infection signatures
AGIS is a host-based technique that detects infections by malware and automatically generates an infection signature of the malware, which can be used to build a template for a static-analysis-based scanner, or a regular-expression signature for legacy scanners.
A theoretical implementation of Blended Program Analysis for virus signature extraction
  • Vishrut Sharma
  • Computer Science
    2011 Carnahan Conference on Security Technology
  • 2011
The possibilities of extracting the signatures of viruses, including complex viruses such as macro viruses, by making use of Blended Program Analysis is explored, which combines a dynamic representation of the program calling structure, with a static analysis applied to a region of that calling structure with observed performance problems.
Automated signature extraction for high volume attacks
The system to extract the required signatures, together with the problem definition and the string-heavy hitters algorithm, which finds popular strings of variable length in a set of messages using the classic heavy-hitter algorithm as a building block, are developed.


Measuring and modeling computer virus prevalence
  • J. Kephart, S. R. White
  • Computer Science
    Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1993
A statistical analysis of computer virus incidents in a large, stable sample population of PCs and new epidemiological models of virus spread are conducted and incorporated into a cost-effective anti-virus policy for organizations.
Proceedings of Artificial Life IV
  • Proceedings of Artificial Life IV
  • 1994
World News scoops planet with space alien revelation,
  • Weekly World News, June
  • 1994
Weekly World News scoops planet with space alien revelation
  • Weekly World News
  • 1994
Topology Affects Population Dynamics", submitted to C. Langton, ed
  • Proceedings of Artificial Life III,
  • 1992
How Topology Affects Population Dynamics
  • Proceedings of Artificial Life III
  • 1992
A Short Course on Computer Viruses
  • ASP Press, Pittsburgh,
  • 1990
Course on Computer Viruses
  • Course on Computer Viruses
  • 1990