Disassembled code analyzer for malware (DCAM)

Sulaiman, Anthonius; Ramamoorthy, K.; Mukkamala, Srinivas; Sung, Andrew H.

doi:10.1109/iri-05.2005.1506506

Cited by 7 publications

(4 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, we argue that it is important to detect adware to let users exercise the right to make an informed choice about the software they install. In previous work, opcodes have been used for detection of different variants of worms and some types of spyware [14]. From the original malware, opcodes were extracted and paired with labels.…”

Section: Related Workmentioning

confidence: 99%

Accurate Adware Detection Using Opcode Sequence Extraction

Shahzad

Lavesson

Johnson

2011

2011 Sixth International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Accurate Adware Detection Using Opcode Sequence Extraction

Shahzad

Lavesson

Johnson

2011

2011 Sixth International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

“…DCAM is a static malware detection technique using code disassembly to recognize malware variants based on a common core signature with promising results on a set of malware [33]. MARE introduced a four-stage approach covering a structured analysis process that focuses on producing an objective outcome to detect malware followed by isolation and extraction phases, as shown by [34], who introduced the malware behavioral technique, malware reverse engineering, and code analysis.…”

Section: E Methodologies Deployed In Malware Analysismentioning

confidence: 99%

Analyzing WhisperGate and BlackCat Malware: Methodology and Threat Perspective

Nicho¹,

Yadav²,

Singh³

2023

IJACSA

View full text Add to dashboard Cite

The increasing use of powerful evasive ransomware malware in cyber warfare and targeted attacks is a persistent and growing challenge for nations, corporations, and small and medium-sized enterprises. This threat is evidenced by the emergence of the WhisperGate malware in cyber warfare, which targets organizations in Ukraine to render targeted devices inoperable, and the BlackCat malware, which targets large organizations by encrypting files. This paper outlines a practical approach to malware analysis using WhisperGate and BlackCat malware as samples. It subjects them to heuristic-based analysis techniques, including a combination of static, dynamic, hybrid, and memory analysis. Specifically, 12 tools and techniques were selected and deployed to reveal the malware's innovative stealth and evasion capabilities. This methodology shows what techniques can be applied to analyze critical malware and differentiate samples that are variations of known threats. The paper presents currently available tools and their underlying approaches to performing automated dynamic analysis on potentially malicious software. The study thus demonstrates a practical approach to carrying out malware analysis to understand cybercriminals' behavior, techniques, and tactics.

show abstract

“…Opcodes have already been used to build signature databases that can be searched to detect different variants of worms [17]. To avoid the problem of having to manually update the databases of the scanners, data mining algorithms were later used as part of a scientific study to build a generic scanner [18].…”

Section: B Related Directions Of Researchmentioning

confidence: 99%

“…These types of malware are typically very distinct from the standard benign software program. Moreover, only a few studies have used only the opcode from the instruction as the feature of choice [17][18] [19]. Today, very little is known about the appropriateness of using opcodes or instruction sequences as features when trying to detect the type of malware that is more similar to benign software in terms of behavior.…”

Section: B Related Directions Of Researchmentioning

confidence: 99%

Detecting scareware by mining variable length instruction sequences

Shahzad

Lavesson

2011

2011 Information Security for South Africa

View full text Add to dashboard Cite

Abstract-Scareware is a recent type of malicious software that may pose financial and privacy-related threats to novice users. Traditional countermeasures, such as anti-virus software, require regular updates and often lack the capability of detecting novel (unseen) instances. This paper presents a scareware detection method that is based on the application of machine learning algorithms to learn patterns in extracted variable length opcode sequences derived from instruction sequences of binary files. The patterns are then used to classify software as legitimate or scareware but they may also reveal interpretable behavior that is unique to either type of software. We have obtained a large number of real world scareware applications and designed a data set with 550 scareware instances and 250 benign instances. The experimental results show that several common data mining algorithms are able to generate accurate models from the data set. The Random Forest algorithm is shown to outperform the other algorithms in the experiment. Essentially, our study shows that, even though the differences between scareware and legitimate software are subtler than between, say, viruses and legitimate software, the same type of machine learning approach can be used in both of these dissimilar cases.

show abstract

Disassembled code analyzer for malware (DCAM)

Cited by 7 publications

References 1 publication

Accurate Adware Detection Using Opcode Sequence Extraction

Accurate Adware Detection Using Opcode Sequence Extraction

Analyzing WhisperGate and BlackCat Malware: Methodology and Threat Perspective

Detecting scareware by mining variable length instruction sequences

Contact Info

Product

Resources

About