The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Dengfeng ZHANG, Naoshi NAKAYA, Yuuji KOUI, Hitoaki YOSHIDA, "An Automatic Unpacking Method for Computer Virus Effective in the Virus Filter Based on Paul Graham's Bayesian Theorem" in IEICE TRANSACTIONS on Communications, vol. E92-B, no. 4, pp. 1119-1127, April 2009, doi: 10.1587/transcom.E92.B.1119.
Abstract: Recently, the appearance frequency of computer virus variants has increased. Updates to virus information using the normal pattern matching method are increasingly unable to keep up with the speed at which viruses occur, since it takes time to extract the characteristic patterns for each virus. Therefore, a rapid, automatic virus detection algorithm using static code analysis is necessary. However, recent computer viruses are almost always compressed and obfuscated. It is difficult to determine the characteristics of the binary code from the obfuscated computer viruses. Therefore, this paper proposes a method that unpacks compressed computer viruses automatically independent of the compression format. The proposed method unpacks the common compression formats accurately 80% of the time, while unknown compression formats can also be unpacked. The proposed method is effective against unknown viruses by combining it with the existing known virus detection system like Paul Graham's Bayesian Virus Filter etc.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.E92.B.1119/_p
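The abstract names Paul Graham's Bayesian filter as the detector the unpacked code is fed to, and claims that packing defeats static feature extraction. The following is an added example, not code from the paper or from its authors: it implements Graham's filter as published in "A Plan for Spam" (per-token probabilities with doubled benign counts, rare tokens ignored, the 15 most decisive tokens combined) over byte n-grams, and a Shannon-entropy check that shows why a packed sample carries no usable tokens until it is unpacked. Byte trigrams as tokens, the 0.9 decision threshold, the corpus bytes and the use of zlib as a stand-in for a packer and for the automatic unpacker are all assumptions of this example; the page gives neither the paper's feature set nor its unpacking algorithm.

```python
# Added example (not from the paper): Paul Graham's Bayesian filter, as described in
# "A Plan for Spam" (2002), applied to byte n-gram tokens of executables, next to a
# Shannon-entropy check that shows why a packed sample yields no usable tokens until
# it is unpacked.  The tokenisation (byte trigrams), the thresholds and all sample
# bytes are assumptions made for this example; the page does not give the paper's
# own feature set or its unpacking algorithm.  zlib stands in for a real packer.
import math
import random
import zlib
from collections import Counter

NGRAM = 3  # assumption: byte trigrams as tokens


def tokens(data: bytes) -> set:
    """Distinct byte n-grams of one sample (Graham counts each token once per message)."""
    return {data[i:i + NGRAM] for i in range(len(data) - NGRAM + 1)}


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy; packed/compressed code sits near 8 bits, plain code far lower."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class GrahamFilter:
    def __init__(self):
        self.bad = Counter()    # token -> number of malicious samples containing it
        self.good = Counter()   # token -> number of benign samples containing it
        self.nbad = self.ngood = 0

    def train(self, sample: bytes, malicious: bool) -> None:
        if malicious:
            self.bad.update(tokens(sample))
            self.nbad += 1
        else:
            self.good.update(tokens(sample))
            self.ngood += 1

    def token_prob(self, tok: bytes) -> float:
        """Graham's per-token probability: benign counts doubled, rare tokens get 0.4."""
        g = 2 * self.good[tok]
        b = self.bad[tok]
        if g + b < 5 or not self.nbad or not self.ngood:
            return 0.4
        p = min(1.0, b / self.nbad) / (min(1.0, g / self.ngood) + min(1.0, b / self.nbad))
        return min(0.99, max(0.01, p))

    def score(self, sample: bytes, n_interesting: int = 15) -> float:
        """Combine the tokens furthest from 0.5: P = prod(p) / (prod(p) + prod(1-p))."""
        probs = sorted((self.token_prob(t) for t in tokens(sample)),
                       key=lambda p: abs(p - 0.5), reverse=True)[:n_interesting]
        if not probs:
            return 0.5
        prod, inv = math.prod(probs), math.prod(1 - p for p in probs)
        return prod / (prod + inv)


# Constructed corpus: one "family" shares a 32-byte core routine, benign programs share
# another, and both are padded with low-entropy filler drawn from eight byte values.
MAL_CORE = bytes(range(0x10, 0x30))
BEN_CORE = bytes(range(0x60, 0x80))


def make_sample(rng: random.Random, core: bytes, filler_len: int = 600) -> bytes:
    return core + bytes(rng.choices(range(0x80, 0x88), k=filler_len))


def build_corpus(seed: int = 2009):
    rng = random.Random(seed)
    mal = [make_sample(rng, MAL_CORE) for _ in range(8)]
    ben = [make_sample(rng, BEN_CORE) for _ in range(8)]
    return mal, ben, rng


def demo() -> dict:
    """Train on the corpus, then score an unseen variant plain, packed and unpacked."""
    mal, ben, rng = build_corpus()
    flt = GrahamFilter()
    for s in mal:
        flt.train(s, malicious=True)
    for s in ben:
        flt.train(s, malicious=False)

    unseen_mal = make_sample(rng, MAL_CORE)
    unseen_ben = make_sample(rng, BEN_CORE)
    packed = zlib.compress(unseen_mal, 9)   # stand-in for a packer
    unpacked = zlib.decompress(packed)      # stand-in for the automatic unpacker

    return {
        "mal_score": flt.score(unseen_mal),
        "ben_score": flt.score(unseen_ben),
        "packed_score": flt.score(packed),
        "unpacked_score": flt.score(unpacked),
        "plain_entropy": entropy_bits_per_byte(unseen_mal),
        "packed_entropy": entropy_bits_per_byte(packed),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15s} {value:.4f}")
```

The unseen variant of the trained family scores close to 1 while its packed form scores close to 0, because almost every trigram of the compressed stream is one the filter has never seen and gets Graham's 0.4 default; the same bytes score close to 1 again once decompressed. The entropy gap (around 3.4 bits per byte plain versus around 7 packed) is the usual first-pass signal that a sample needs unpacking before any byte-level feature extraction is worth attempting.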
@ARTICLE{e92-b_4_1119,
author={Dengfeng ZHANG and Naoshi NAKAYA and Yuuji KOUI and Hitoaki YOSHIDA},
journal={IEICE TRANSACTIONS on Communications},
title={An Automatic Unpacking Method for Computer Virus Effective in the Virus Filter Based on Paul Graham's Bayesian Theorem},
year={2009},
volume={E92-B},
number={4},
pages={1119-1127},
abstract={Recently, the appearance frequency of computer virus variants has increased. Updates to virus information using the normal pattern matching method are increasingly unable to keep up with the speed at which viruses occur, since it takes time to extract the characteristic patterns for each virus. Therefore, a rapid, automatic virus detection algorithm using static code analysis is necessary. However, recent computer viruses are almost always compressed and obfuscated. It is difficult to determine the characteristics of the binary code from the obfuscated computer viruses. Therefore, this paper proposes a method that unpacks compressed computer viruses automatically independent of the compression format. The proposed method unpacks the common compression formats accurately 80% of the time, while unknown compression formats can also be unpacked. The proposed method is effective against unknown viruses by combining it with the existing known virus detection system like Paul Graham's Bayesian Virus Filter etc.},
keywords={},
doi={10.1587/transcom.E92.B.1119},
ISSN={1745-1345},
month={April},}
TY - JOUR
TI - An Automatic Unpacking Method for Computer Virus Effective in the Virus Filter Based on Paul Graham's Bayesian Theorem
T2 - IEICE TRANSACTIONS on Communications
SP - 1119
EP - 1127
AU - Dengfeng ZHANG
AU - Naoshi NAKAYA
AU - Yuuji KOUI
AU - Hitoaki YOSHIDA
PY - 2009
DO - 10.1587/transcom.E92.B.1119
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E92-B
IS - 4
JA - IEICE TRANSACTIONS on Communications
Y1 - April 2009
AB - Recently, the appearance frequency of computer virus variants has increased. Updates to virus information using the normal pattern matching method are increasingly unable to keep up with the speed at which viruses occur, since it takes time to extract the characteristic patterns for each virus. Therefore, a rapid, automatic virus detection algorithm using static code analysis is necessary. However, recent computer viruses are almost always compressed and obfuscated. It is difficult to determine the characteristics of the binary code from the obfuscated computer viruses. Therefore, this paper proposes a method that unpacks compressed computer viruses automatically independent of the compression format. The proposed method unpacks the common compression formats accurately 80% of the time, while unknown compression formats can also be unpacked. The proposed method is effective against unknown viruses by combining it with the existing known virus detection system like Paul Graham's Bayesian Virus Filter etc.
ER -