Network-based Executable File Extraction and Analysis for Malware Detection

Byoungkoo Kim, Ikkyun Kim, Tai-Myoung Chung

2012

Abstract

The damage caused by computer viruses continues to grow over time, so methods for protecting computer systems from new malicious software are an active area of study. In this paper, we present a network-based executable file extraction and analysis technique for malware detection. Executable files are extracted from network traffic by executable-specific session tracking and pattern matching implemented in reconfigurable hardware. Malware detection is then performed by clustering analysis of the executable file, which is divided into many regions: the technique detects malware by measuring the similarity between the byte distribution of the file and those of known malicious and normal executable files. The proposed technique can detect not only known but also unknown malicious software. Most of all, unlike existing host-based anti-virus techniques, it uses network packets as its analysis source. In addition, the proposed detection technique can detect malicious software without complicated command (instruction) analysis. Our approach can therefore minimize the load on system execution, at the cost of additional network packet processing.
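The abstract describes comparing the per-region byte distribution of an extracted executable against profiles of normal and malicious files. The following Python is an added illustration of that comparison step written for this page; it is not the authors' implementation. The region count, the cosine similarity measure, the nearest-profile decision rule and the sample byte sequences (text-like "normal" files and uniformly distributed "packed" files) are all assumptions of this example, not values from the paper.

```python
"""Region-wise byte-distribution similarity (added example, not the paper's code)."""
import math

SAMPLE_LEN = 4096   # length of each constructed sample file (assumption)
NUM_REGIONS = 4     # number of regions a file is split into (assumption)


def byte_histogram(data: bytes) -> list:
    """Normalized 256-bin byte frequency distribution of a region."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return [c / n for c in counts] if n else [0.0] * 256


def split_regions(data: bytes, n: int = NUM_REGIONS) -> list:
    """Cut the file into n (almost) equal-sized contiguous regions."""
    size = math.ceil(len(data) / n)
    return [data[i * size:(i + 1) * size] for i in range(n)]


def cosine_similarity(a: list, b: list) -> float:
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def region_profile(data: bytes) -> list:
    """One histogram per region: the feature vector compared between files."""
    return [byte_histogram(r) for r in split_regions(data)]


def profile_similarity(p: list, q: list) -> float:
    """Mean region-by-region cosine similarity of two profiles."""
    return sum(cosine_similarity(a, b) for a, b in zip(p, q)) / len(p)


def classify(sample: bytes, normal_profiles: list, malicious_profiles: list):
    """Nearest-profile decision (assumed rule): label, best normal, best malicious."""
    sp = region_profile(sample)
    best_normal = max(profile_similarity(sp, p) for p in normal_profiles)
    best_mal = max(profile_similarity(sp, p) for p in malicious_profiles)
    label = "malicious" if best_mal > best_normal else "normal"
    return label, best_normal, best_mal


# --- constructed sample data (not real files) ---------------------------------
def text_like(phrase: bytes) -> bytes:
    """A 'normal' file stand-in: skewed histogram dominated by ASCII text."""
    return (phrase * (SAMPLE_LEN // len(phrase) + 1))[:SAMPLE_LEN]


def uniform_like(step: int, offset: int) -> bytes:
    """A 'packed' file stand-in: odd step cycles through all 256 values, flat histogram."""
    return bytes((i * step + offset) % 256 for i in range(SAMPLE_LEN))


NORMAL_PROFILES = [
    region_profile(text_like(b"MZ\x00\x00This program cannot be run in DOS mode.\r\n")),
    region_profile(text_like(b"MZ\x00\x00Copyright (c) example vendor. All rights reserved.\x00")),
]
MALICIOUS_PROFILES = [
    region_profile(uniform_like(7, 0)),
    region_profile(uniform_like(13, 5)),
]

if __name__ == "__main__":
    for name, data in (
        ("packed-looking sample", uniform_like(17, 3)),
        ("text-looking sample", text_like(b"MZ\x00\x00This program must be run under Win32\r\n$")),
    ):
        label, sn, sm = classify(data, NORMAL_PROFILES, MALICIOUS_PROFILES)
        print(f"{name}: {label} (normal={sn:.3f}, malicious={sm:.3f})")
```

In this toy setup the reference profiles are hand-built; in practice they would come from clustering histograms of a labelled corpus, as the abstract outlines. Byte-distribution similarity is a coarse signal: legitimately packed or encrypted benign files also produce flat histograms, so a deployment should treat a "malicious" label from this stage as a trigger for further inspection rather than a final verdict.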

Paper Citation


in Harvard Style

Kim B., Kim I. and Chung T. (2012). Network-based Executable File Extraction and Analysis for Malware Detection. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 430-433. DOI: 10.5220/0004126104300433

in Bibtex Style

@conference{secrypt12,
author={Byoungkoo Kim and Ikkyun Kim and Tai-Myoung Chung},
title={Network-based Executable File Extraction and Analysis for Malware Detection},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={430-433},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004126104300433},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Network-based Executable File Extraction and Analysis for Malware Detection
SN - 978-989-8565-24-2
AU - Kim B.
AU - Kim I.
AU - Chung T.
PY - 2012
SP - 430
EP - 433
DO - 10.5220/0004126104300433