2013 Fiscal Year Final Research Report
An automatic unpacking method for computer virus effective in the virus filter based on Bayesian theorem
| Project/Area Number |
23500074
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Multi-year Fund |
|---|
| Section | 一般 |
|---|
| Research Field |
Computer system/Network
|
|---|
| Research Institution | Iwate University |
|---|
Principal Investigator |
KOI Yuji 岩手大学, 工学部, 非常勤講師 (20333750)
|
|---|
| Co-Investigator(Kenkyū-buntansha) |
NAKAYA Naoshi 岩手大学, 工学部, 准教授 (20322969)
|
|---|
| Project Period (FY) |
2011 – 2013
|
| Keywords | ベイジアンフィルタ / ベイズの定理 / 難読化 / 暗号化 / 実行可能圧縮 / 未知ウイルス |
|---|
| Research Abstract |
A rapid automatic virus detection algorithm using static code analysis is necessary.However,recent computer viruses are almost compressed into the executable compress format and are obfuscated.Thus,it is difficult to determine the characteristics of the binary code from the obfuscated computer viruses.
In this research,a method that unpacks compressed computer viruses automatically without restriction to compression type is proposed.The proposed method unpacks the common compression formats accurately 80% of the time,while unknown compression formats can also be unpacked.The proposed method is effective against unknown viruses by combining it with the existing known virus detection system like Bayesian Virus Filter.We could achieve to implement 95% detection rates and 0.02% false detection rates.
|
