The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
La capacité de reconnaître rapidement les flux réseau internes comme étant exécutables est une condition préalable à la détection des logiciels malveillants. À cette fin, nous introduisons une matrice de probabilité de transition d'instruction (ITPX) qui comprend les jeux d'instructions IA-32 et révèle les caractéristiques des modèles de transition d'instruction du code exécutable. Nous proposons ensuite un algorithme simple pour détecter le code exécutable dans les flux réseau à l'aide d'une référence ITPX apprise à partir des fichiers exécutables portables Windows connus. Nous avons testé l'algorithme avec plus de milliers de codes exécutables et non exécutables. Les résultats montrent qu’il est suffisamment prometteur pour être utilisé dans le monde réel.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Ikkyun KIM, Koohong KANG, Yangseo CHOI, Daewon KIM, Jintae OH, Jongsoo JANG, Kijun HAN, "Executable Code Recognition in Network Flows Using Instruction Transition Probabilities" in IEICE TRANSACTIONS on Information,
vol. E91-D, no. 7, pp. 2076-2078, July 2008, doi: 10.1093/ietisy/e91-d.7.2076.
Abstract: The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.
URL: https://global.ieice.org/en_transactions/information/10.1093/ietisy/e91-d.7.2076/_p
Copier
@ARTICLE{e91-d_7_2076,
author={Ikkyun KIM, Koohong KANG, Yangseo CHOI, Daewon KIM, Jintae OH, Jongsoo JANG, Kijun HAN, },
journal={IEICE TRANSACTIONS on Information},
title={Executable Code Recognition in Network Flows Using Instruction Transition Probabilities},
year={2008},
volume={E91-D},
number={7},
pages={2076-2078},
abstract={The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.},
keywords={},
doi={10.1093/ietisy/e91-d.7.2076},
ISSN={1745-1361},
month={July},}
Copier
TY - JOUR
TI - Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
T2 - IEICE TRANSACTIONS on Information
SP - 2076
EP - 2078
AU - Ikkyun KIM
AU - Koohong KANG
AU - Yangseo CHOI
AU - Daewon KIM
AU - Jintae OH
AU - Jongsoo JANG
AU - Kijun HAN
PY - 2008
DO - 10.1093/ietisy/e91-d.7.2076
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E91-D
IS - 7
JA - IEICE TRANSACTIONS on Information
Y1 - July 2008
AB - The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.
ER -