Abstract
In order to evade detection by anti-virus software, malware writers use techniques, such as polymorphism, metamorphism and code re-writing. The result is that such malware contain a much larger fraction of code, compared to benign programs, which tend to maximize code reuse. In this research we study this interesting property and show that by performing archaeological analysis of functions residing within binary files (i.e., estimating the functions` creation date), a new set of informative features can be derived. We show that these features provide a good indication for the existence of malicious code within binary files. Preliminary experiments of the proposed temporal function-based features with a set of over 12,000 files indicates that the proposed set of features can be useful for the detection of malicious files (accuracy of over 90% and AUC of 0.96).
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
