Conference Paper: The impact of lightweight disassembler on malware detection: An empirical study

Title: The impact of lightweight disassembler on malware detection: An empirical study
Authors: Zhang, D; Zhang, Z; Jiang, B; Tse, TH
Issue Date: 2018
Publisher: IEEE. The conference proceedings web site is located at https://ieeexplore.ieee.org/xpl/conhome.jsp?punumber=1000143
Citation: Proceedings of the IEEE 42nd Annual Computers, Software and Applications Conference (COMPSAC 18), Tokyo, Japan, 23-27 July 2018, v. 1
Abstract: Malicious software poses serious threats to our lives, and detecting malware is becoming more and more important. An effective approach is to train a classifier on known software samples and malware samples and use it to recognize malware among new software. To do that, a recent popular trend is to use OpCode sequences extracted from executable modules as the representation of software entities that drives machine learning. However, we found that the effectiveness of such a framework suffers greatly from having insufficient samples, which is caused by the low success rate of disassembly due to the intrinsic complexity of the problem. In this paper, we propose to increase the success rate of disassembly by allowing inaccurate disassembly, with the aim of increasing the number of successfully disassembled samples and thereby improving OpCode-driven malware detection. We built a lightweight disassembler, D-light, based on the linear sweep disassembly method, to avoid known issues with the recursive descent approach of IDA Pro. We carried out experiments to evaluate the performance, effectiveness and other design factors of adopting D-light and IDA Pro as disassemblers for malware detection. The empirical study shows that D-light is both more efficient and more effective than IDA Pro in supporting malware detection.
Persistent Identifier: http://hdl.handle.net/10722/254803
ISSN: 0730-3157

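The contrast the abstract draws between linear sweep and recursive descent, shown on a toy instruction set. This is an added example, not the paper's D-light and not IDA Pro; the instruction set, its encoding table and the byte buffer are all invented for illustration, and real x86 decoding is far harder. What carries over is the strategy: recursive descent stops at an indirect jump whose target it cannot resolve, while a sweep keeps decoding and accepts some mis-decoded bytes in exchange for coverage.

```python
"""Linear sweep vs recursive descent on a constructed toy ISA (added example)."""
from collections import Counter
from typing import Dict, List, Tuple

# Toy ISA (assumption): opcode byte -> (mnemonic, instruction length in bytes)
ISA: Dict[int, Tuple[str, int]] = {
    0x00: ("NOP", 1),
    0x01: ("MOV", 3),   # MOV r, imm8
    0x02: ("ADD", 3),   # ADD r, r
    0x03: ("JMP", 2),   # JMP rel8: direct, no fall-through
    0x04: ("JZ", 2),    # JZ rel8: direct, with fall-through
    0x05: ("CALL", 2),  # CALL rel8: direct, with fall-through
    0x06: ("RET", 1),   # no fall-through
    0x07: ("JMPI", 2),  # JMP [r]: indirect, target not known statically
}

Insn = Tuple[int, str, int]  # (address, mnemonic, length)


def decode(code: bytes, addr: int) -> Insn:
    """Decode one instruction; an unknown or truncated opcode becomes 'DB'
    (one raw byte) instead of aborting the whole sample."""
    op = code[addr]
    if op in ISA and addr + ISA[op][1] <= len(code):
        mnem, length = ISA[op]
        return (addr, mnem, length)
    return (addr, "DB", 1)


def rel_target(code: bytes, addr: int, length: int) -> int:
    """Target of a rel8 branch: next instruction address plus signed displacement."""
    disp = code[addr + 1]
    return addr + length + (disp - 256 if disp > 127 else disp)


def linear_sweep(code: bytes) -> List[Insn]:
    """Decode every byte in address order, tolerating undecodable bytes."""
    out: List[Insn] = []
    addr = 0
    while addr < len(code):
        insn = decode(code, addr)
        out.append(insn)
        addr += insn[2]
    return out


def recursive_descent(code: bytes, entry: int = 0) -> List[Insn]:
    """Follow control flow from the entry point; an unresolved indirect jump ends a path."""
    seen, work, out = set(), [entry], []
    while work:
        addr = work.pop()
        while 0 <= addr < len(code) and addr not in seen:
            insn = decode(code, addr)
            seen.add(addr)
            out.append(insn)
            _, mnem, length = insn
            if mnem in ("JMP", "JZ", "CALL"):
                work.append(rel_target(code, addr, length))
            if mnem in ("JMP", "RET", "JMPI", "DB"):
                break  # no fall-through; for JMPI the target is simply unknown
            addr += length
    return sorted(out)


def opcode_features(insns: List[Insn]) -> Counter:
    """Opcode unigram histogram, the kind of feature vector fed to a classifier."""
    return Counter(mnem for _, mnem, _ in insns if mnem != "DB")


def covered_bytes(insns: List[Insn]) -> int:
    return sum(length for _, _, length in insns)


# Constructed sample (not a real binary): a callee reached only by CALL,
# an indirect jump, a two-byte data blob that happens to start with the
# MOV opcode, and one padding byte that is not a valid opcode.
SAMPLE = bytes([
    0x01, 0x00, 0x05,  # 0x00 MOV r0, 5
    0x05, 0x02,        # 0x03 CALL +2 -> 0x07
    0x03, 0x04,        # 0x05 JMP +4 -> 0x0b (skips the callee body)
    0x02, 0x00, 0x01,  # 0x07 ADD r0, r1
    0x06,              # 0x0a RET
    0x01, 0x01, 0x03,  # 0x0b MOV r1, 3
    0x07, 0x01,        # 0x0e JMP [r1]: recursive descent stops here
    0x01, 0x06,        # 0x10 data blob; a sweep reads it as a 3-byte MOV
    0x00,              # 0x12 NOP (swallowed by that bogus MOV)
    0x02, 0x01, 0x00,  # 0x13 ADD r1, r0
    0x06,              # 0x16 RET
    0xFF,              # 0x17 padding: no such opcode
])


if __name__ == "__main__":
    for name, fn in (("recursive descent", recursive_descent), ("linear sweep", linear_sweep)):
        insns = fn(SAMPLE)
        print(f"{name}: {len(insns)} entries, {covered_bytes(insns)}/{len(SAMPLE)} bytes, "
              f"features={dict(opcode_features(insns))}")
```

Run stand-alone, the script reports that recursive descent decodes 7 instructions covering 16 of the 24 bytes, because nothing past the indirect jump is reachable by static control-flow following, while the sweep covers all 24 bytes at the price of one bogus MOV over the data blob and one DB for the padding byte. That trade is the abstract's point: the classifier gets a feature vector for a sample that the stricter disassembler would have left incomplete or rejected. The caveat applies to any sweep-based pipeline, D-light included: opcode counts carry noise from data mis-decoded as code, so a classifier trained on sweep output should also be validated on sweep output rather than on the cleaner output of a recursive-descent tool.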
Dublin Core record

dc.contributor.author: Zhang, D
dc.contributor.author: Zhang, Z
dc.contributor.author: Jiang, B
dc.contributor.author: Tse, TH
dc.date.accessioned: 2018-06-21T01:06:49Z
dc.date.available: 2018-06-21T01:06:49Z
dc.identifier.issn: 0730-3157
dc.language: eng
dc.relation.ispartof: IEEE Annual International Computer Software and Applications Conference Proceedings
dc.rights: IEEE Annual International Computer Software and Applications Conference Proceedings. Copyright © IEEE.
dc.type: Conference_Paper
dc.identifier.email: Tse, TH: thtse@cs.hku.hk
dc.identifier.authority: Tse, TH=rp00546
dc.identifier.hkuros: 285613
dc.identifier.volume: 1
dc.publisher.place: United States
