File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1109/COMPSAC.2018.00094
- Scopus: eid_2-s2.0-85055449668
- WOS: WOS:000904976500080
- Find via
Supplementary
- Citations:
- Appears in Collections:
Conference Paper: The impact of lightweight disassembler on malware detection: An empirical study
| Title | The impact of lightweight disassembler on malware detection: An empirical study |
|---|---|
| Authors | |
| Keywords | Malware detection OpCode disassembly D light IDA Pro |
| Issue Date | 2018 |
| Publisher | IEEE. The Journal's web site is located at https://ieeexplore.ieee.org/xpl/conhome.jsp?punumber=1000143 |
| Citation | Proceedings of the IEEE 42nd Annual Computers, Software and Applications Conference (COMPSAC 18), Tokyo, Japan, 23-27 July 2018, v. 1, p. 620-629 How to Cite? |
| Abstract | Malicious software poses serious threats to our lives, and the activity to detect malware is becoming more and more important. An effective approach is to train a classifier using known software samples and malware samples, and recognize malware from new software. To do that, a recent popular trend
is to use OpCode, which is extracted from executable modules, as an expression of software entities to drive machine learning. However, we found that the effectiveness of such a framework highly suffers from having insufficient samples, which is caused by the low success rate of disassembly due to the intrinsic complexity of the problem. In this paper, we propose to increase the success rate of disassembly by allowing inaccurate disassembling, with the attempt to increase the number of successful disassembled samples to improve OpCode-driven malware detection. We built a lightweight disassembler D-light based on the linear swap disassembly method to avoid known issues with the recursive descent manner of IDA Pro. We carried out experiment to evaluate the performance, effectiveness, and other design factors of adopting D-light and IDA Pro as disassemblers for malware detection. The empirical study shows the D-light is both more efficient and more effective than IDA Pro in supporting malware
detection. |
| Persistent Identifier | http://hdl.handle.net/10722/254803 |
| ISSN | 2020 SCImago Journal Rankings: 0.216 |
| ISI Accession Number ID |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Zhang, D | - |
| dc.contributor.author | Zhang, Z | - |
| dc.contributor.author | Jiang, B | - |
| dc.contributor.author | Tse, TH | - |
| dc.date.accessioned | 2018-06-21T01:06:49Z | - |
| dc.date.available | 2018-06-21T01:06:49Z | - |
| dc.date.issued | 2018 | - |
| dc.identifier.citation | Proceedings of the IEEE 42nd Annual Computers, Software and Applications Conference (COMPSAC 18), Tokyo, Japan, 23-27 July 2018, v. 1, p. 620-629 | - |
| dc.identifier.issn | 0730-3157 | - |
| dc.identifier.uri | http://hdl.handle.net/10722/254803 | - |
| dc.description.abstract | Malicious software poses serious threats to our lives, and the activity to detect malware is becoming more and more important. An effective approach is to train a classifier using known software samples and malware samples, and recognize malware from new software. To do that, a recent popular trend is to use OpCode, which is extracted from executable modules, as an expression of software entities to drive machine learning. However, we found that the effectiveness of such a framework highly suffers from having insufficient samples, which is caused by the low success rate of disassembly due to the intrinsic complexity of the problem. In this paper, we propose to increase the success rate of disassembly by allowing inaccurate disassembling, with the attempt to increase the number of successful disassembled samples to improve OpCode-driven malware detection. We built a lightweight disassembler D-light based on the linear swap disassembly method to avoid known issues with the recursive descent manner of IDA Pro. We carried out experiment to evaluate the performance, effectiveness, and other design factors of adopting D-light and IDA Pro as disassemblers for malware detection. The empirical study shows the D-light is both more efficient and more effective than IDA Pro in supporting malware detection. | - |
| dc.language | eng | - |
| dc.publisher | IEEE. The Journal's web site is located at https://ieeexplore.ieee.org/xpl/conhome.jsp?punumber=1000143 | - |
| dc.relation.ispartof | IEEE Annual International Computer Software and Applications Conference (COMPSAC) Proceedings | - |
| dc.rights | IEEE Annual Computer Software and Applications Conference (COMPSAC) Proceedings. Copyright © IEEE. | - |
| dc.rights | ©2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | - |
| dc.subject | Malware detection | - |
| dc.subject | OpCode | - |
| dc.subject | disassembly | - |
| dc.subject | D light | - |
| dc.subject | IDA Pro | - |
| dc.title | The impact of lightweight disassembler on malware detection: An empirical study | - |
| dc.type | Conference_Paper | - |
| dc.identifier.email | Tse, TH: thtse@cs.hku.hk | - |
| dc.identifier.authority | Tse, TH=rp00546 | - |
| dc.identifier.doi | 10.1109/COMPSAC.2018.00094 | - |
| dc.identifier.scopus | eid_2-s2.0-85055449668 | - |
| dc.identifier.hkuros | 285613 | - |
| dc.identifier.volume | 1 | - |
| dc.identifier.spage | 620 | - |
| dc.identifier.epage | 629 | - |
| dc.identifier.isi | WOS:000904976500080 | - |
| dc.publisher.place | United States | - |
| dc.identifier.issnl | 0730-3157 | - |