The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
A capacidade de reconhecer rapidamente os fluxos da rede para serem executáveis é um pré-requisito para a detecção de malware. Para tanto, apresentamos uma matriz de probabilidade de transição de instruções (ITPX) que é composta pelos conjuntos de instruções IA-32 e revela as características dos padrões de transição de instruções do código executável. E então, propomos um algoritmo simples para detectar código executável dentro de fluxos de rede usando uma referência ITPX que é aprendida a partir dos arquivos executáveis portáteis conhecidos do Windows. Testamos o algoritmo com mais de milhares de códigos executáveis e não executáveis. Os resultados mostram que é bastante promissor para uso no mundo real.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Ikkyun KIM, Koohong KANG, Yangseo CHOI, Daewon KIM, Jintae OH, Jongsoo JANG, Kijun HAN, "Executable Code Recognition in Network Flows Using Instruction Transition Probabilities" in IEICE TRANSACTIONS on Information,
vol. E91-D, no. 7, pp. 2076-2078, July 2008, doi: 10.1093/ietisy/e91-d.7.2076.
Abstract: The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.
URL: https://global.ieice.org/en_transactions/information/10.1093/ietisy/e91-d.7.2076/_p
Copiar
@ARTICLE{e91-d_7_2076,
author={Ikkyun KIM, Koohong KANG, Yangseo CHOI, Daewon KIM, Jintae OH, Jongsoo JANG, Kijun HAN, },
journal={IEICE TRANSACTIONS on Information},
title={Executable Code Recognition in Network Flows Using Instruction Transition Probabilities},
year={2008},
volume={E91-D},
number={7},
pages={2076-2078},
abstract={The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.},
keywords={},
doi={10.1093/ietisy/e91-d.7.2076},
ISSN={1745-1361},
month={July},}
Copiar
TY - JOUR
TI - Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
T2 - IEICE TRANSACTIONS on Information
SP - 2076
EP - 2078
AU - Ikkyun KIM
AU - Koohong KANG
AU - Yangseo CHOI
AU - Daewon KIM
AU - Jintae OH
AU - Jongsoo JANG
AU - Kijun HAN
PY - 2008
DO - 10.1093/ietisy/e91-d.7.2076
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E91-D
IS - 7
JA - IEICE TRANSACTIONS on Information
Y1 - July 2008
AB - The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.
ER -