A Fast Positive Approach of P-DPL in the Packet Inspection
The signature extraction process is based on a comparison with a common function repository. By eliminatin functions appearing in the common function repository from the signature candidate list, P-DPL can minimize the risk of false-positive detection errors. To minimize false-positive rates for P-DPL proposes intelligent candidate selection using entropy score to generate signatures. Evaluation of P-DPL was conducted under various conditions. The findings suggest that the proposed method can be used for automatically generating signatures that are both specific, sensitive. In this paper, the authors propose a new automatic mechanism, termed P-DPL for extracting signatures from malware files and unwanted mapping files. Signatures generated by P-DPL are comprised of multiple byte-strings, which can be used by high-speed, network-based, malware filtering devices.
Provided by: International Journal of Advanced Research in Computer Engineering & Technology Topic: Networking Date Added: Jun 2012 Format: PDF