Static detection and identification of X86 malicious executables: A multidisciplinary approach

  • Author / Creator
    Wang, Zhiyu
  • In this thesis, we propose a novel approach to detecting malicious executables at the network layer using a combination of techniques from bioinformatics, data mining and information retrieval. The approach translates malicious code into genome-like representations. Based on their "genetic" format, features can be extracted readily by constructing families of known malicious code with data mining algorithms. These features can then be stored in a router or another in-network device to measure the similarity between payloads and the extracted features. Once the similarity exceeds a threshold, the security device can block the entire session and raise an alert before the threat reaches the intended host(s). Furthermore, attacks can be identified based on their features and the families those features come from. Ultimately, our experiments showed that 95% detection accuracy is achievable with an identification rate of 83%.

  • Subjects / Keywords
  • Graduation date
  • Type of Item
  • Degree
    Master of Science
  • DOI
  • License
    This thesis is made available by the University of Alberta Libraries with permission of the copyright owner solely for non-commercial purposes. This thesis, or any portion thereof, may not otherwise be copied or reproduced without the written consent of the copyright owner, except to the extent permitted by Canadian copyright law.
  • Language
  • Institution
    University of Alberta
  • Degree level
  • Department
    • Department of Computing Science
  • Supervisor / co-supervisor and their department(s)
    • Mike H. MacGregor (Computing Science)
    • Mario A. Nascimento (Computing Science)
  • Examining committee members and their departments
    • Raymond Patterson (Alberta School of Business)
    • GuoHui Lin (Computing Science)