Unity in Diversity: Phylogenetic-Inspired Techniques for Reverse Engineering and Detection of Malware Families

The authors developed a framework for abstracting, aligning and analysing malware execution traces, and performed a preliminary exploration of state-of-the-art phylogenetic methods, whose strengths lie in pattern recognition and visualisation, to derive the statistical relationships within two contemporary malware families. They made use of phylogenetic trees and networks, motifs, logos, composition biases, and tree topology comparison methods with the objective of identifying common functionality and studying sources of variation in related samples. Networks were more useful than trees for visualising short nop-equivalent code metamorphism; tree topology comparison was suited to studying variations in multiple sets of homologous procedures.

Provided by: University of California, Santa Cruz
Topic: Software
Date Added: Jun 2011
Format: PDF