Hierarchical Clustering Based Packed-Malware Categorization System

Master's === National Taiwan University of Science and Technology === Department of Computer Science and Information Engineering === 101 === Traditional antivirus technology identifies malware by specific signatures, but once a program has been run through a packer its contents change, and signature-based pattern matching can no longer tell whether it is malicious. Modern malware therefore often uses packers so that it can effectively evade detection by antivirus software. A packer compresses the file with a special algorithm, yet the packed file can still execute on its own after compression. Because modern CPUs execute so quickly, the user has no opportunity to observe what the program is doing during the unpacking process. Identifying whether a file is packed has therefore become very important. The commonly used general-purpose tool PEiD has limitations, so the question is how to determine more effectively and quickly which files are packed. Current research focuses on this area, and this thesis proposes running files in a sandbox environment and using the DLLs and APIs they invoke as feature values. Agglomerative hierarchical clustering then uses these features to determine packer types and to analyze viruses.


Bibliographic Details
Main Author: Chen Tsou (鄒澄)
Other Authors: Shi-Jinn Horng (洪西進)
Format: Others
Language: zh-TW
Published: 2013
Online Access: http://ndltd.ncl.edu.tw/handle/20777503378237672023
Record ID: ndltd-TW-101NTUS5392019 (oai_dc record, timestamp 2016-03-21T04:27:53Z)
Title (Chinese): 基於階層式分群法之加殼與病毒程式分類偵測系統
Advisor: Shi-Jinn Horng (洪西進)
Degree: Master's thesis (學位論文), National Taiwan University of Science and Technology, Department of Computer Science and Information Engineering, academic year 101, 86 pages
Collection: NDLTD