| Publisher | University of Wisconsin | | |
|---|---|---|---|
| Format | 312.0KB PDF | Date added | 22 Aug 2005 |
| Topics | Spyware, Anti-Virus, Network Security | | |
| Downloads | 114 | | |

Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In order to evade detection by malware detectors, malware writers use various obfuscation techniques to transform their malware. There is strong evidence that commercial malware detectors are susceptible to these evasion tactics. This paper describes the design and implementation of a malware normalizer that undoes the obfuscations performed by a malware writer. The experimental evaluation demonstrates that a malware normalizer can drastically improve detection rates of commercial malware detectors. Moreover, a malware normalizer can also ease the task of forensic analysis of malware.



