F-Sign: Automatic, Function-Based Signature Generation for Malware

@article{Shabtai2011FSignAF,
  title={F-Sign: Automatic, Function-Based Signature Generation for Malware},
  author={Asaf Shabtai and Eitan Menahem and Yuval Elovici},
  journal={IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews)},
  year={2011},
  volume={41},
  pages={494-508}
}
In this research, we present a new method, termed F-Sign, for automatic extraction of unique signatures from malware files. F-Sign is primarily intended for high-speed network traffic filtering devices that are based on deep-packet inspection. Malicious executables are analyzed using two approaches: disassembly, utilizing IDA-Pro, and the application of a dedicated state machine in order to obtain the set of functions comprising the executables. The signature extraction process is based on a…
This paper has 18 citations.