Journal: International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)
Print ISSN: 2278-1323
Publication year: 2012
Volume: 1
Issue: 4
Pages: 714-728
Publisher: Shri Pannalal Research Institute of Technology
Abstract: The signature extraction process is based on a comparison with a common function repository. By eliminating functions appearing in the common function repository from the signature candidate list, P-DPL can minimize the risk of false-positive detection errors. To minimize false-positive rates, P-DPL proposes intelligent candidate selection using an entropy score to generate signatures. Evaluation of P-DPL was conducted under various conditions. The findings suggest that the proposed method can be used for automatically generating signatures that are both specific and sensitive. In this paper we propose a new automatic mechanism, termed P-DPL, for extracting signatures from malware files and unwanted mapping files. Signatures generated by P-DPL are comprised of multiple byte-strings, which can be used by high-speed, network-based, malware filtering devices. In order to minimize the risk of false positives (i.e., detection of a malware signature in benign executable files), P-DPL employs a method for sanitizing executable files from chunks of code that originate from the underlying standard development platforms and are replicated in various instances of benign and malicious programs developed by these platforms. In this method we have developed a new innovative form to find malicious data in the packet. We believe that P-DPL Another direction we intend to examine is the use of a malware function library (MFL) in the signature generation process in order to further strengthen the signatures and minimize the risk of false positives. In addition, regular expressions defined by two or more distinct signatures can be used in order to further minimize the risk of false positives.