Sciweavers

IRI
2006
IEEE

A similarity based technique for detecting malicious executable files for computer forensics

14 years 5 months ago
A similarity based technique for detecting malicious executable files for computer forensics
With the rapidly increasing complexity of computer systems and the sophistication of hacking tools and techniques, there is a crucial need for computer forensic analysis techniques. Very few techniques exist to support forensic analysis of unknown executable files. The existing techniques primarily inspect executable files to detect known signatures or are based on metadata information. A key goal of such forensic investigation is to identify malicious executable files that hackers might have installed in a targeted system. Finding such malware in a compromised system is difficult because it is hard to identify the purpose of the fragments of executable files. In this paper, we present a similaritybased technique that analyzes targeted executable files to identify a malware present in a compromised system. The technique involves assigning a similarity value to the fragments of executable files present in a compromised hard disk against a set of source files. We present some results ba...
Jun-Hyung Park, Minsoo Kim, BongNam Noh, James B.
Added 12 Jun 2010
Updated 12 Jun 2010
Type Conference
Year 2006
Where IRI
Authors Jun-Hyung Park, Minsoo Kim, BongNam Noh, James B. D. Joshi
Comments (0)