Static detection and identification of X86 malicious executables: A multidisciplinary approach

View

Download

Communities and Collections

Usage

Author / Creator

Wang, Zhiyu
In this thesis, we propose a novel approach to detect malicious executables in the network layer using a combination of techniques from bioinformatics, data mining and information retrieval. This approach requires translating malicious code into genome-like representations. Based on their "genetic" formats, we can easily extract features by constructing families for known malicious code using data mining algorithms. These features then can be stored in a router or an another device in the network to measure the similarity between payloads and extracted features. Once the similarity is over a threshold, the security device can block the entire session and report an alert before the threat reaches the intended host(s). Further more, attacks can be identified based on their features and the families where these features come from. Ultimately, our experiments showed that 95% accuracy of detection is possible with an identification rate of 83%.
Subjects / Keywords
- Malicious executables
Graduation date

Fall 2009
Type of Item

Thesis
Degree

Master of Science
DOI

https://doi.org/10.7939/R3MH2C
License

This thesis is made available by the University of Alberta Libraries with permission of the copyright owner solely for non-commercial purposes. This thesis, or any portion thereof, may not otherwise be copied or reproduced without the written consent of the copyright owner, except to the extent permitted by Canadian copyright law.

Language

English
Institution

University of Alberta
Degree level

Master's
Department
- Department of Computing Science
Supervisor / co-supervisor and their department(s)
- Mike H. MacGregor (Computing Science)
- Mario A. Nascimento (Computing Science)
Examining committee members and their departments
- GuoHui Lin (Computing Science)
- Raymond Patterson (Alberta School of Business)