Using purpose capturing signatures to defeat computer virus mutating

Xiaoqi Jia, Xi Xiong, Jiwu Jing, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Nowadays, computer viruses are becoming more and more difficult to identify. Modern computer viruses use various mutation techniques such as polymorphism and metamorphism to evade detection. Previous research in mutated computer virus detection has limitations in that: 1) most of them cannot handle advanced mutation techniques; 2) the methods based on source code analysis are less practical; 3) some methods are unable to detect computer viruses immediately. In this paper, we present a new dynamic approach to detect and analyze computer viruses based on Virtual Machine technology. We show 1) how to generate Purpose Capturing Signatures based on the information of runtime values (execution value sequence, EVS) and control flows (execution control sequence, ECS); 2) how to detect and analyze computer viruses using the purpose-capturing signatures. To the best of our knowledge, it is the first method to perform computer virus detection and analysis using the EVS and ECS. Our experimental evaluation demonstrates that this approach is able to use one signature to detect all mutations of the corresponding virus efficiently.

Original language: English (US)
Title of host publication: Information Security Practice and Experience - 6th International Conference, ISPEC 2010, Proceedings
Pages: 153-171
Number of pages: 19
DOIs: https://doi.org/10.1007/978-3-642-12827-1_12
State: Published - Dec 23 2010
Event: 6th International Conference on Information Security Practice and Experience, ISPEC 2010 - Seoul, Korea, Republic of
Duration: May 12 2010 → May 13 2010

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 6047 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 6th International Conference on Information Security Practice and Experience, ISPEC 2010
Country: Korea, Republic of
City: Seoul
Period: 5/12/10 → 5/13/10

Fingerprint

Computer Virus
Computer viruses
Signature
Mutation
Virtual Machine
Flow Control
Polymorphism
Experimental Evaluation
Flow control
Virus
Immediately

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Jia, X., Xiong, X., Jing, J., & Liu, P. (2010). Using purpose capturing signatures to defeat computer virus mutating. In Information Security Practice and Experience - 6th International Conference, ISPEC 2010, Proceedings (pp. 153-171). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6047 LNCS). https://doi.org/10.1007/978-3-642-12827-1_12
@inproceedings{54556a8750d54f65ba5e18567b0744ae,
title = "Using purpose capturing signatures to defeat computer virus mutating",
author = "Xiaoqi Jia and Xi Xiong and Jiwu Jing and Peng Liu",
year = "2010",
month = "12",
day = "23",
doi = "10.1007/978-3-642-12827-1_12",
language = "English (US)",
isbn = "3642128262",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "153--171",
booktitle = "Information Security Practice and Experience - 6th International Conference, ISPEC 2010, Proceedings",

}

TY - GEN

T1 - Using purpose capturing signatures to defeat computer virus mutating

AU - Jia, Xiaoqi

AU - Xiong, Xi

AU - Jing, Jiwu

AU - Liu, Peng

PY - 2010/12/23

Y1 - 2010/12/23

UR - http://www.scopus.com/inward/record.url?scp=78650294340&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78650294340&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-12827-1_12

DO - 10.1007/978-3-642-12827-1_12

M3 - Conference contribution

AN - SCOPUS:78650294340

SN - 3642128262

SN - 9783642128264

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 153

EP - 171

BT - Information Security Practice and Experience - 6th International Conference, ISPEC 2010, Proceedings

ER -
