New computer viruses are continually being generated and they cause damage all over the world. In general, current anti-virus software detects viruses by matching a pattern based on the signature; thus, unknown viruses without any signature cannot be detected. Although there are some static analysis technologies that do not depend on signatures, virus writers often use code obfuscation techniques, which make it difficult to execute a code analysis. As is generally known, unknown viruses and known viruses share a common feature. In this paper we propose a new static analysis technology that can circumvent code obfuscation to extract the common feature and detect unknown viruses based on similarity. The results of evaluation experiments demonstrated that this technique is able to detect unknown viruses without false positives.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Zhongda LIU, Naoshi NAKAYA, Yuuji KOUI, "The Unknown Computer Viruses Detection Based on Similarity" in IEICE TRANSACTIONS on Fundamentals, vol. E92-A, no. 1, pp. 190-196, January 2009, doi: 10.1587/transfun.E92.A.190.
Abstract: New computer viruses are continually being generated and they cause damage all over the world. In general, current anti-virus software detects viruses by matching a pattern based on the signature; thus, unknown viruses without any signature cannot be detected. Although there are some static analysis technologies that do not depend on signatures, virus writers often use code obfuscation techniques, which make it difficult to execute a code analysis. As is generally known, unknown viruses and known viruses share a common feature. In this paper we propose a new static analysis technology that can circumvent code obfuscation to extract the common feature and detect unknown viruses based on similarity. The results of evaluation experiments demonstrated that this technique is able to detect unknown viruses without false positives.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E92.A.190/_p
@ARTICLE{e92-a_1_190,
author={Zhongda LIU and Naoshi NAKAYA and Yuuji KOUI},
journal={IEICE TRANSACTIONS on Fundamentals},
title={The Unknown Computer Viruses Detection Based on Similarity},
year={2009},
volume={E92-A},
number={1},
pages={190-196},
abstract={New computer viruses are continually being generated and they cause damage all over the world. In general, current anti-virus software detects viruses by matching a pattern based on the signature; thus, unknown viruses without any signature cannot be detected. Although there are some static analysis technologies that do not depend on signatures, virus writers often use code obfuscation techniques, which make it difficult to execute a code analysis. As is generally known, unknown viruses and known viruses share a common feature. In this paper we propose a new static analysis technology that can circumvent code obfuscation to extract the common feature and detect unknown viruses based on similarity. The results of evaluation experiments demonstrated that this technique is able to detect unknown viruses without false positives.},
keywords={},
doi={10.1587/transfun.E92.A.190},
ISSN={1745-1337},
month={January},}
TY - JOUR
TI - The Unknown Computer Viruses Detection Based on Similarity
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 190
EP - 196
AU - Zhongda LIU
AU - Naoshi NAKAYA
AU - Yuuji KOUI
PY - 2009
DO - 10.1587/transfun.E92.A.190
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E92-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2009
AB - New computer viruses are continually being generated and they cause damage all over the world. In general, current anti-virus software detects viruses by matching a pattern based on the signature; thus, unknown viruses without any signature cannot be detected. Although there are some static analysis technologies that do not depend on signatures, virus writers often use code obfuscation techniques, which make it difficult to execute a code analysis. As is generally known, unknown viruses and known viruses share a common feature. In this paper we propose a new static analysis technology that can circumvent code obfuscation to extract the common feature and detect unknown viruses based on similarity. The results of evaluation experiments demonstrated that this technique is able to detect unknown viruses without false positives.
ER -