A NUMBER OF TECHNIQUES TO CREATE MALWARE DATABASE

  • Trịnh Minh Đức, Đinh Khánh Linh, Lê Khánh Dương, Võ Văn Trường
Keywords: Malware; malware database; hash; byte-signature; heuristics; binary-diffing

Abstract

Malware attacks are growing rapidly, and new malware appears at an ever-increasing rate. Much of this malware can easily bypass antivirus programs, and the losses it causes have become extremely serious. Hence, building a system that detects malware automatically is essential. This paper presents three signature-based techniques for creating a malware database for use in the scanning process: hash, byte signature and heuristics. These techniques are applied to infected files on the Microsoft Windows operating system to generate a new malware database. They were tested on the open-source malware scanning tools ClamAV, Yara and Ssdeep, and the results show their effectiveness: when these three tools were used in combination with the resulting malware database, about 90% of the malware samples were detected.
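As an added example (not the paper's or the authors' code), the following Python builds the two signature types the abstract names first, a whole-file hash and a byte signature, in the line formats ClamAV loads from .hdb and .ndb files, emits a Yara rule for the same marker in the style of a structural (heuristic) rule, and scans constructed sample bytes against the database. The sample bytes, marker string and signature names are constructed for illustration; only the `*` and absolute-offset forms of the ClamAV offset field and the `??` wildcard are handled, and ssdeep fuzzy hashing is not reproduced.

```python
"""Build a small signature database from a sample and scan with it.

Added example, not code from the paper. The sample bytes are constructed,
not a real malware sample.
"""
import hashlib
import re

# Constructed "infected" file: a fake PE (MZ header) with a distinctive marker.
SAMPLE = b"MZ\x90\x00" + b"\x00" * 28 + b"PAYLOAD_MARKER_v1\x00" + b"\x41" * 40
# Constructed benign file with the same header but no marker.
BENIGN = b"MZ\x90\x00" + b"\x00" * 28 + b"hello, world\x00" + b"\x41" * 45
MARKER = b"PAYLOAD_MARKER_v1"


def hash_signature(data: bytes, name: str) -> str:
    """ClamAV .hdb entry: MD5:FileSize:MalwareName. Whole-file exact match,
    so any single-byte change to the sample evades it."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def byte_signature(pattern: bytes, name: str, target_type: int = 1,
                   offset: str = "*", wildcards=frozenset()) -> str:
    """ClamAV .ndb entry: MalwareName:TargetType:Offset:HexSignature.
    target_type 1 = PE file; offset '*' = anywhere in the file. Byte
    positions listed in `wildcards` are emitted as '??' (match any byte)."""
    hexsig = "".join("??" if i in wildcards else f"{b:02x}"
                     for i, b in enumerate(pattern))
    return f"{name}:{target_type}:{offset}:{hexsig}"


def yara_rule(name: str, marker: bytes) -> str:
    """Heuristic-style Yara rule: PE magic at offset 0 plus the marker
    anywhere, instead of an exact hash of one file."""
    return (
        f"rule {name} {{\n"
        f"    strings:\n"
        f"        $marker = {{ {marker.hex(' ')} }}\n"
        f"    condition:\n"
        f"        uint16(0) == 0x5A4D and $marker\n"
        f"}}\n"
    )


def load_hdb(lines):
    """Parse .hdb lines into {(md5, size): name}."""
    db = {}
    for line in lines:
        md5, size, name = line.strip().split(":")
        db[(md5, int(size))] = name
    return db


def _hexsig_to_regex(hexsig: str):
    """Translate a hex signature with '??' wildcards into a bytes regex.
    Only this subset of the .ndb signature syntax is supported here."""
    parts = []
    for i in range(0, len(hexsig), 2):
        tok = hexsig[i:i + 2]
        parts.append(b"." if tok == "??" else re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


def load_ndb(lines):
    """Parse .ndb lines into [(name, offset, compiled regex)]."""
    sigs = []
    for line in lines:
        name, _target, offset, hexsig = line.strip().split(":")
        sigs.append((name, offset, _hexsig_to_regex(hexsig)))
    return sigs


def scan(data: bytes, hdb, ndb):
    """Return the names of every signature in hdb/ndb that matches `data`."""
    hits = []
    hit = hdb.get((hashlib.md5(data).hexdigest(), len(data)))
    if hit:
        hits.append(hit)
    for name, offset, rx in ndb:
        if offset == "*":
            matched = rx.search(data) is not None
        else:                       # absolute offset: anchor the match there
            matched = rx.match(data, int(offset)) is not None
        if matched:
            hits.append(name)
    return hits


def build_db():
    """Database built from SAMPLE: one hash entry, one byte signature whose
    last byte (the version digit) is wildcarded so '_v2' still matches."""
    hdb = [hash_signature(SAMPLE, "Test.Sample.Hash")]
    ndb = [byte_signature(MARKER, "Test.Sample.Marker",
                          wildcards={len(MARKER) - 1})]
    return hdb, ndb


if __name__ == "__main__":
    hdb_lines, ndb_lines = build_db()
    hdb, ndb = load_hdb(hdb_lines), load_ndb(ndb_lines)
    print(scan(SAMPLE, hdb, ndb))
    print(scan(SAMPLE.replace(b"_v1", b"_v2"), hdb, ndb))
    print(scan(BENIGN, hdb, ndb))
    print(yara_rule("Test_Sample_Marker", MARKER))
```

Running the script shows the trade-off the abstract's three techniques make: the hash entry matches only the exact sample, the wildcarded byte signature also catches a trivially modified variant, and the Yara rule adds a structural condition on top of the byte pattern.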

Published
2020-08-31
Section
NATURAL SCIENCE – ENGINEERING – TECHNOLOGY