Pre-processing memory dumps to improve similarity score of Windows modules

Martín-Pérez, Miguel; Rodríguez, Ricardo J.; Balzarotti, Davide

doi:10.1016/j.cose.2020.102119

Cited by 9 publications

(3 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [17] , they introduce an intriguing notion of memory dump preprocessing with two various procedures, making the analysis process faster and easier by relocating file objects. Guided De-Relocation was the first strategy, which specified a new space for the information.…”

Section: Related Workmentioning

confidence: 99%

Obfuscated Malware Memory Detection Employing Lazy Instance Based Learner Algorithm Based On Manhattan Distance Function

Sabah Talabani,

Abdulhadi,

Ali

2024

PJBAS

View full text Add to dashboard Cite

Malware is a severe threat to the network and host system security. It is frequently the primary cause of many events, such as Distributed Denial-of-Service attacks (DDoS), spam emails, etc. The detection and elimination of Malware are the subjects of intensive study. As a result, many antivirus programs have been created to help identify and remove Malware. The issue with this antivirus software is that it uses an obsolete method of detecting Malware, the signature-matching approach, which the primary forms of code obfuscation may deceive. Since then, this has resulted in the creation of a new generation of metamorphic and polymorphic Malware. In this paper, we investigated using the Instance-Based Learner (IBK) algorithm for detecting obfuscated Malware in a given dataset. Utilizing the Lazy IBK technique in malware detection is beneficial because the algorithm can accurately detect and classify the obfuscated Malware in the dataset using the Manhattan Distance function, one of the most well-known distance metric functions for measuring the distance between points. We analyzed an obfuscated malware dataset of 58,596 records selected from 3 malware categories. The algorithm was illustrated on the dataset utilizing 10-fold cross-validation. The results demonstrate that the proposed algorithm can quickly and accurately detect obfuscated Malware with an accuracy of 99.99%, a precision of 100%, and a recall of 100%, respectively.

show abstract

Section: Related Workmentioning

confidence: 99%

Obfuscated Malware Memory Detection Employing Lazy Instance Based Learner Algorithm Based On Manhattan Distance Function

Sabah Talabani,

Abdulhadi,

Ali

2024

PJBAS

View full text Add to dashboard Cite

show abstract

“…This is motivated because in 64-bit mode the RIP-relative addressing form was introduced, which facilitates the construction of position-independent code and therefore the bytes a ected by relocation will be only the ones related to function addresses of shared libraries. We refer the reader to [1] for more details in this issue.…”

Section: Ementioning

confidence: 99%

“…The full version of this paper (with a full description of the experiments and limitations) was published in [1].…”

Section: Ementioning

confidence: 99%