The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations (e.g. some numerals may appear as "XNUMX").
Copyrights notice
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Ikkyun KIM, Koohong KANG, Yangseo CHOI, Daewon KIM, Jintae OH, Jongsoo JANG, Kijun HAN, "Executable Code Recognition in Network Flows Using Instruction Transition Probabilities", IEICE TRANSACTIONS on Information, vol. E91-D, no. 7, pp. 2076-2078, July 2008, doi: 10.1093/ietisy/e91-d.7.2076.
Abstract: The ability to quickly recognize whether the content of a network flow is executable is a prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX), built over the IA-32 instruction set, which captures the characteristic instruction transition patterns of executable code. We then propose a simple algorithm to detect executable code inside network flows using a reference ITPX learned from known Windows Portable Executable files. We have tested the algorithm with thousands of executable and non-executable code samples. The results show that it is promising enough for real-world use.
URL: https://global.ieice.org/en_transactions/information/10.1093/ietisy/e91-d.7.2076/_p
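As an added example (not the paper's code), a minimal ITPX in Python: a reference matrix is learned from constructed mnemonic sequences standing in for the output of an IA-32 disassembler run over known PE files, then an unknown flow is scored by its mean transition log-likelihood. The sample sequences, the additive smoothing, the floor for never-seen mnemonics and the threshold rule are all assumptions, since the page gives only the abstract and not the paper's decision rule.

```python
from collections import defaultdict
from math import log

# Constructed reference sequences standing in for disassembled code sections of
# known-good PE files (typical prologue / call / epilogue traffic).
REFERENCE_CODE = [
    ["push", "mov", "sub", "mov", "call", "add", "test", "jz", "mov", "pop", "ret"],
    ["push", "push", "mov", "lea", "call", "cmp", "jne", "xor", "pop", "pop", "ret"],
    ["mov", "mov", "call", "test", "jz", "push", "call", "add", "mov", "leave", "ret"],
]
# Constructed unknown flows: one code-like, one decoding into mnemonics the
# reference set never produced (as random payload bytes tend to).
CODE_FLOW = ["push", "mov", "call", "test", "jz", "pop", "ret"]
NOISE_FLOW = ["in", "aaa", "ret", "das", "out", "ret", "bound", "hlt", "aas", "lahf"]

class ITPX:
    """Row-stochastic matrix prob[a][b] = Pr(next mnemonic is b | current is a)."""

    def __init__(self, sequences, alpha=0.5):
        counts = defaultdict(lambda: defaultdict(int))
        self.vocab = set()
        for seq in sequences:
            self.vocab.update(seq)
            for a, b in zip(seq, seq[1:]):
                counts[a][b] += 1
        n = len(self.vocab)
        # Additive smoothing (assumed): unseen transitions get a small non-zero
        # probability rather than driving the log-likelihood to -inf on one miss.
        self.prob = {
            a: {b: (counts[a][b] + alpha) / (sum(counts[a].values()) + alpha * n)
                for b in self.vocab}
            for a in self.vocab
        }
        # Assumed floor for any mnemonic absent from the reference set: treat it
        # as a row with no observations, i.e. the uniform smoothed value 1/n.
        self.floor = 1.0 / n

    def score(self, seq):
        """Mean log-probability per transition; higher means more code-like."""
        if len(seq) < 2:
            return float("-inf")
        total = sum(log(self.prob.get(a, {}).get(b, self.floor))
                    for a, b in zip(seq, seq[1:]))
        return total / (len(seq) - 1)

def is_executable(itpx, seq, threshold=-2.3):
    """Assumed decision rule: flag the flow as carrying executable code when its
    mean transition log-likelihood exceeds a threshold tuned on held-out samples."""
    return itpx.score(seq) > threshold
```

With the constructed data, CODE_FLOW scores about -1.79 and NOISE_FLOW about -2.64, so only the former clears the threshold; a real deployment would learn the matrix from many PE files and pick the threshold from measured false-positive and false-negative rates.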
@ARTICLE{e91-d_7_2076,
author={Ikkyun KIM and Koohong KANG and Yangseo CHOI and Daewon KIM and Jintae OH and Jongsoo JANG and Kijun HAN},
journal={IEICE TRANSACTIONS on Information},
title={Executable Code Recognition in Network Flows Using Instruction Transition Probabilities},
year={2008},
volume={E91-D},
number={7},
pages={2076-2078},
abstract={The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.},
keywords={},
doi={10.1093/ietisy/e91-d.7.2076},
ISSN={1745-1361},
month={July},}
TY - JOUR
TI - Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
T2 - IEICE TRANSACTIONS on Information
SP - 2076
EP - 2078
AU - Ikkyun KIM
AU - Koohong KANG
AU - Yangseo CHOI
AU - Daewon KIM
AU - Jintae OH
AU - Jongsoo JANG
AU - Kijun HAN
PY - 2008
DO - 10.1093/ietisy/e91-d.7.2076
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E91-D
IS - 7
JA - IEICE TRANSACTIONS on Information
Y1 - July 2008
AB - The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.
ER -