Permanent link (DOI): https://doi.org/10.7939/R3MH2C


Community: Graduate Studies and Research, Faculty of

Collection: Theses and Dissertations

Static detection and identification of X86 malicious executables: A multidisciplinary approach (Open Access)

Descriptions

Subject/Keyword
malicious executables
Type of item
Thesis
Degree grantor
University of Alberta
Author or creator
Wang, Zhiyu
Supervisor and department
Mario A. Nascimento (Computing Science)
Mike H. MacGregor (Computing Science)
Examining committee member and department
Raymond Patterson (Alberta School of Business)
GuoHui Lin (Computing Science)
Department
Department of Computing Science
Date accepted
2009-07-29T18:15:29Z
Graduation date
2009-11
Degree
Master of Science
Degree level
Master's
Abstract
In this thesis, we propose a novel approach to detect malicious executables at the network layer using a combination of techniques from bioinformatics, data mining and information retrieval. This approach requires translating malicious code into genome-like representations. Based on their "genetic" formats, we can easily extract features by constructing families for known malicious code using data mining algorithms. These features can then be stored in a router or another device in the network to measure the similarity between payloads and the extracted features. Once the similarity exceeds a threshold, the security device can block the entire session and report an alert before the threat reaches the intended host(s). Furthermore, attacks can be identified based on their features and the families these features come from. Ultimately, our experiments showed that 95% detection accuracy is possible with an identification rate of 83%.
Language
English
DOI
doi:10.7939/R3MH2C
Rights
Permission is hereby granted to the University of Alberta Libraries to reproduce single copies of this thesis and to lend or sell such copies for private, scholarly or scientific research purposes only. Where the thesis is converted to, or otherwise made available in digital form, the University of Alberta will advise potential users of the thesis of these terms. The author reserves all other publication and other rights in association with the copyright in the thesis and, except as herein before provided, neither the thesis nor any substantial portion thereof may be printed or otherwise reproduced in any material form whatsoever without the author's prior written permission.
File Details

Date Modified
2014-04-29T20:24:45.125+00:00
Characterization
File format: pdf (Portable Document Format)
Mime type: application/pdf
File size: 704672
Last modified: 2015:10:12 11:23:46-06:00
Filename: Wang_Zhiyu_Fall 2009.pdf
Original checksum: 0978668f456de3f3c696df6e1e34ad7f
Well formed: true
Valid: true
File title: Dedication
Page count: 85