Title | ||
---|---|---|
Executable Code Recognition in Network Flows Using Instruction Transition Probabilities |
Abstract | ||
---|---|---|
The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world. |
Year | DOI | Venue |
---|---|---|
2008 | 10.1093/ietisy/e91-d.7.2076 | IEICE Transactions |
Keywords | Field | DocType |
inside network,malware detection,windows portable executable file,instruction transition pattern,instruction transition probabilities,ia-32 instruction set,reference itpx,executable code recognition,non-executable code,instruction transition probability matrix,executable code,simple algorithm,transition probability,network flow | Programming language,Computer science,Instruction set,Coding (social sciences),Artificial intelligence,Executable,Flow network,Computer vision,Stochastic matrix,SIMPLE algorithm,Malware,Operating system,Portable Executable | Journal |
Volume | Issue | ISSN |
E91-D | 7 | 1745-1361 |
Citations | PageRank | References |
1 | 0.35 | 5 |
Authors | ||
7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ik-Kyun Kim | 1 | 20 | 9.68 |
Koohong Kang | 2 | 12 | 4.38 |
Yangseo Choi | 3 | 25 | 4.40 |
Daewon Kim | 4 | 45 | 11.29 |
Jintae Oh | 5 | 25 | 7.28 |
Jongsoo Jang | 6 | 55 | 13.43 |
Kijun Han | 7 | 294 | 56.26 |