iBet uBet web content aggregator. Adding the entire web to your favor.
iBet uBet web content aggregator. Adding the entire web to your favor.



Link to original content: https://doi.org/10.1093/ietisy/e91-d.7.2076
Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
IEICE Transactions on Information and Systems
Online ISSN : 1745-1361
Print ISSN : 0916-8532
Regular Section
Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
Ikkyun KIMKoohong KANGYangseo CHOIDaewon KIMJintae OHJongsoo JANGKijun HAN
Author information
Keywords: executable code, malware detection, IA-32 Instruction
JOURNAL FREE ACCESS

2008 Volume E91.D Issue 7 Pages 2076-2078

Details
Download PDF (1188K)
Download citation RIS

(compatible with EndNote, Reference Manager, ProCite, RefWorks)

BIB TEX

(compatible with BibDesk, LaTeX)

Text
How to download citation
Contact us
Abstract

The ability to recognize quickly inside network flows to be executable is prerequisite for malware detection. For this purpose, we introduce an instruction transition probability matrix (ITPX) which is comprised of the IA-32 instruction sets and reveals the characteristics of executable code's instruction transition patterns. And then, we propose a simple algorithm to detect executable code inside network flows using a reference ITPX which is learned from the known Windows Portable Executable files. We have tested the algorithm with more than thousands of executable and non-executable codes. The results show that it is very promising enough to use in real world.

Content from these authors
© 2008 The Institute of Electronics, Information and Communication Engineers
Previous article Next article
Favorites & Alerts

Recently viewed articles
Announcements from publisher
  • Readers can also download the PDF from https://search.ieice.org/iss/
  • PayPerView service
  • Please contact trans-d [a] ieice.org, if you want to unlock PDF security.
Share this page
feedback
 Top