Large-Scale Malware Indexing Using Function-Call Graphs
Source: Association for Computing Machinery
A major challenge for the Anti-Virus (AV) industry is how to effectively process the huge influx of malware samples it receives every day. One possible solution to this problem is to quickly determine whether a new malware sample is similar to any previously seen malware program. This paper designs, implements and evaluates a malware database management system called SMIT (Symantec Malware Indexing Tree) that can efficiently make such a determination based on malware's function-call graphs, a structural representation known to be less susceptible to the instruction-level obfuscations commonly employed by malware writers to evade detection by AV software.
| Format: | |
| Size: | 420.00 |
| Date: | Nov 2009 |



