A Novel Immune Based Approach for Detection of Windows PE Virus

Li, Tao; Sun, Jia; Qin, Renchao

doi:10.1007/978-3-540-88192-6_24

Cited by 2 publications

(3 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One of the most important things that should take into account is the security of the information. Information security is concerned with the guarantee of data quality [12]. In other words, information security providing the following services: confidentiality: the guarantee that data can"t be accessible for unauthorized persons.…”

Section: VIImentioning

confidence: 99%

A Proposed System for Hiding Information In Portable Executable Files Based on Analyzing Import Section

Jawwad¹

2014

IOSRJEN

View full text Add to dashboard Cite

Information-hiding techniques have newly become very important in a many application areas. Many cover mediums have been used to hide information like image, video, voice. Use of these mediums have been extensively studied. In this paper, we propose new system for hiding information in Portable Executable files (PE files). PE is a file format for executable file used in the 32-bit and 64-bit versions of the Windows operating system. This algorithm has higher security than some traditional ones because of the combination between encryption and hiding. We first encrypt the information before hiding it to ensure high security. After that we hide the information in the import table of PE file. This hiding depends on analyzing the import table characteristics of PE files that have been built under Borland turbo assembler. The testing result shows that the result file does not make any inconsistency with anti-virus programs and the PE file still function as normal after the hiding process.

show abstract

Section: VIImentioning

confidence: 99%

A Proposed System for Hiding Information In Portable Executable Files Based on Analyzing Import Section

Jawwad¹

2014

IOSRJEN

View full text Add to dashboard Cite

show abstract

“…With the rapid development of computer and the Internet technology, the threat of computer viruses is becoming more and more serious. Traditional signature-based anti-virus software needs updating the virus database regularly, and the virus detection relying on the known virus database is a passive protection technology without the capacity of detecting the new unknown virus, the virus deformation, and packed virus [1,2,3]. PE (Portable executable) file format is a standard Windows executable file format, which plays a very important role in the Windows operating system.…”

Section: Introductionmentioning

confidence: 99%

“…Moreover, it's not easy to use in practice. Zhang [2,3] proposed an immunity-based method for detection of unknown windows virus by utilizing self-relocation module to generate antibodies. The method has a relatively high detection rate for unknown PE virus, but it cannot detect packed PE virus.…”

Section: Introductionmentioning

confidence: 99%

A Scheme of PE Virus Detection Using Fragile Software Watermarking Technique

Tian¹,

Sun²,

Yang³

2011

JDCTA

View full text Add to dashboard Cite

It is a difficult issue in the anti-virus field about how to detect unknown and packed PE (Portable Executable) viruses effectively, and existing schemes for anti-virus detection are dissatisfactory. Based on an analysis of the logical structures of Windows PE file and PE virus, a new method of PE virus detection is presented here, which exploits fragile software watermarking technique for virus detection. It describes how the new scheme embeds a software watermark into the PE files for virus detection. The experiment shows that the new method has a higher rate in detecting unknown PE virus than some existing ones, and can detect directly the packed PE virus.

show abstract

A Novel Immune Based Approach for Detection of Windows PE Virus

Cited by 2 publications

References 7 publications

A Proposed System for Hiding Information In Portable Executable Files Based on Analyzing Import Section

A Proposed System for Hiding Information In Portable Executable Files Based on Analyzing Import Section

A Scheme of PE Virus Detection Using Fragile Software Watermarking Technique

Contact Info

Product

Resources

About