Ugarte-Pedrero et al., 2014 - Google Patents
On the adoption of anomaly detection for packed executable filtering
Ugarte-Pedrero et al., 2014
- Document ID
- 16498578759985852631
- Author
- Ugarte-Pedrero X
- Santos I
- García-Ferreira I
- Huerta S
- Sanz B
- Bringas P
- Publication year
- 2014
- Publication venue
- Computers & Security
Snippet
Malware packing is a common technique employed to hide malicious code and to avoid static analysis. In order to fully inspect the contents of the executable, unpacking techniques must be applied. Unfortunately, generic unpacking is computationally expensive. For this …
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30286—Information retrieval; Database structures therefor; File system structures therefor in structured data stores

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
- G06K9/62—Methods or arrangements for recognition using electronic means
- G06K9/6267—Classification techniques
- G06K9/6279—Classification techniques relating to the number of classes

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
- G06K9/62—Methods or arrangements for recognition using electronic means
- G06K9/6217—Design or setup of recognition systems and techniques; Extraction of features in feature space; Clustering techniques; Blind source separation

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
- G06K9/36—Image preprocessing, i.e. processing the image information without deciding about the identity of the image
- G06K9/46—Extraction of features or characteristics of the image

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N99/00—Subject matter not provided for in other groups of this subclass
- G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F19/00—Digital computing or data processing equipment or methods, specially adapted for specific applications
Similar Documents
Publication | Title
---|---
US20210256127A1 (en) | System and method for automated machine-learning, zero-day malware detection
US9665713B2 (en) | System and method for automated machine-learning, zero-day malware detection
Baldwin et al. | Leveraging support vector machine for opcode density based detection of crypto-ransomware
Allix et al. | Empirical assessment of machine learning-based malware detectors for Android: Measuring the gap between in-the-lab and in-the-wild validation scenarios
Mosli et al. | Automated malware detection using artifacts in forensic memory images
Deshotels et al. | Droidlegacy: Automated familial classification of android malware
CN112602081A (en) | Enhancing network security and operational monitoring with alarm confidence assignment
Gupta et al. | Big data framework for zero-day malware detection
Carlin et al. | The effects of traditional anti-virus labels on malware detection using dynamic runtime opcodes
CN112528284B (en) | Malicious program detection method and device, storage medium and electronic equipment
KR101858620B1 (en) | Device and method for analyzing javascript using machine learning
Ugarte-Pedrero et al. | On the adoption of anomaly detection for packed executable filtering
Dewanje et al. | A new malware detection model using emerging machine learning algorithms
Takahashi et al. | Android application analysis using machine learning techniques
Miura et al. | Macros finder: Do you remember loveletter?
Zhang et al. | Slowing down the aging of learning-based malware detectors with api knowledge
Čeponis et al. | Evaluation of deep learning methods efficiency for malicious and benign system calls classification on the AWSCTD
Jyothish et al. | Effectiveness of machine learning based android malware detectors against adversarial attacks
Baychev et al. | Spearphishing malware: Do we really know the unknown?
Ugarte-Pedrero et al. | Semi-supervised learning for packed executable detection
Pimenta et al. | Androidgyny: Reviewing clustering techniques for Android malware family classification
Darshan et al. | An empirical study to estimate the stability of random forest classifier on the hybrid features recommended by filter based feature selection technique
Li et al. | Ensemble Framework Combining Family Information for Android Malware Detection
Malik et al. | Static Malware Detection And Analysis Using Machine Learning Methods
Geden et al. | Classification of malware families based on runtime behaviour