JCP 2018 Vol.13(5): 545-554 ISSN: 1796-203X
doi: 10.17706/jcp.13.5.545-554
doi: 10.17706/jcp.13.5.545-554
A Bit Vector Based Binary Code Comparison Method for Static Malware Analysis
Ki-Su Kim1, Hyo-Jeong Shin2, Hyong-Shik Kim1
1Department of Computer Science & Engineering, Chungnam National University, Daejeon, korea.
2Software Research Center, Chungnam National University, Daejeon, korea.
Abstract—As variants of malicious codes have made it difficult and complicated to detect possible threat in the Internet, it is one of the most important challenges to analyze the malwares correctly in a timely manner. It has been also observed that we need static analysis as well as dynamic analysis to detect the malware correctly. In this paper, we define a bit vector to characterize a binary code, and utilize it for static malware analysis. Since each bit of a bit vector is organized to indicate the existence of a certain function or code block, we could replace a comparison operation on binary codes by simple logical operations. Common features of a group of binary codes could be also captured by bit vectors, which would be used to determine whether another binary code is similar to those of the group or not. Experimental results show that the bit vector could be effectively utilized to do static malware analysis, and that the group bit vectors could help classify the malwares into their appropriate groups.
Index Terms—Binary code comparison, static malware analysis, bit vector representation.
2Software Research Center, Chungnam National University, Daejeon, korea.
Abstract—As variants of malicious codes have made it difficult and complicated to detect possible threat in the Internet, it is one of the most important challenges to analyze the malwares correctly in a timely manner. It has been also observed that we need static analysis as well as dynamic analysis to detect the malware correctly. In this paper, we define a bit vector to characterize a binary code, and utilize it for static malware analysis. Since each bit of a bit vector is organized to indicate the existence of a certain function or code block, we could replace a comparison operation on binary codes by simple logical operations. Common features of a group of binary codes could be also captured by bit vectors, which would be used to determine whether another binary code is similar to those of the group or not. Experimental results show that the bit vector could be effectively utilized to do static malware analysis, and that the group bit vectors could help classify the malwares into their appropriate groups.
Index Terms—Binary code comparison, static malware analysis, bit vector representation.
Cite: Ki-Su Kim, Hyo-Jeong Shin, Hyong-Shik Kim, "A Bit Vector Based Binary Code Comparison Method for Static Malware Analysis," Journal of Computers vol. 13, no. 5, pp. 545-554, 2018.
General Information
ISSN: 1796-203X
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat,etc
E-mail: jcp@iap.org
-
Nov 14, 2019 News!
Vol 14, No 11 has been published with online version [Click]
-
Mar 20, 2020 News!
Vol 15, No 2 has been published with online version [Click]
-
Dec 16, 2019 News!
Vol 14, No 12 has been published with online version [Click]
-
Sep 16, 2019 News!
Vol 14, No 9 has been published with online version [Click]
-
Aug 16, 2019 News!
Vol 14, No 8 has been published with online version [Click]
- Read more>>