IEICE TRANSACTIONS on Information
Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
Summary :
The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.
- Publication
- IEICE TRANSACTIONS on Information Vol.E91-D No.7 pp.2076-2078
- Publication Date
- 2008/07/01
- Publicized
- Online ISSN
- 1745-1361
- DOI
- 10.1093/ietisy/e91-d.7.2076
- Type of Manuscript
- LETTER
- Category
- Application Information Security
Authors
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Ikkyun KIM, Koohong KANG, Yangseo CHOI, Daewon KIM, Jintae OH, Jongsoo JANG, Kijun HAN, "Executable Code Recognition in Network Flows Using Instruction Transition Probabilities" in IEICE TRANSACTIONS on Information,
vol. E91-D, no. 7, pp. 2076-2078, July 2008, doi: 10.1093/ietisy/e91-d.7.2076.
Abstract: The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.
URL: https://global.ieice.org/en_transactions/information/10.1093/ietisy/e91-d.7.2076/_p
Copy
@ARTICLE{e91-d_7_2076,
author={Ikkyun KIM, Koohong KANG, Yangseo CHOI, Daewon KIM, Jintae OH, Jongsoo JANG, Kijun HAN, },
journal={IEICE TRANSACTIONS on Information},
title={Executable Code Recognition in Network Flows Using Instruction Transition Probabilities},
year={2008},
volume={E91-D},
number={7},
pages={2076-2078},
abstract={The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.},
keywords={},
doi={10.1093/ietisy/e91-d.7.2076},
ISSN={1745-1361},
month={July},}
Copy
TY - JOUR
TI - Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
T2 - IEICE TRANSACTIONS on Information
SP - 2076
EP - 2078
AU - Ikkyun KIM
AU - Koohong KANG
AU - Yangseo CHOI
AU - Daewon KIM
AU - Jintae OH
AU - Jongsoo JANG
AU - Kijun HAN
PY - 2008
DO - 10.1093/ietisy/e91-d.7.2076
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E91-D
IS - 7
JA - IEICE TRANSACTIONS on Information
Y1 - July 2008
AB - The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.
ER -
English
