• DocumentCode
    1802358
  • Title
    Concurrent Architecture for Automated Malware Classification
  • Author
    Daly, Timothy ; Burns, Luanne

  • fYear
    2010
  • fDate
    5-8 Jan. 2010
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    This paper introduces a new architecture for automating the generalization of program structure and the recognition of common patterns in the area of malware analysis. By using massively parallel processing on large malware program sets we can recognize common code sequences, such as loop constructs, if-then-else structures, and subroutine calls. We can also recognize common subroutine sequences. The Concordia architecture generalizes the recognized elements so they can be collected into invariant forms. The invariant forms can be used by the analyst to understand the program being analyzed. The invariant forms can also be used to classify large numbers of programs automatically.
  • Keywords
    codes; invasive software; parallel processing; pattern recognition; Concordia architecture; automated malware classification; common code sequences; concurrent architecture; if-then-else structures; loop constructs; program structure; subroutine calls; Algorithms; Computer architecture; Parallel processing; Pattern analysis; Pattern recognition; Physics; Reverse engineering; Software engineering; Supervised learning; Unsupervised learning
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    System Sciences (HICSS), 2010 43rd Hawaii International Conference on
  • Conference_Location
    Honolulu, HI
  • ISSN
    1530-1605
  • Print_ISBN
    978-1-4244-5509-6
  • Electronic_ISBN
    1530-1605
  • Type
    conf
  • DOI
    10.1109/HICSS.2010.115
  • Filename
    5428506