Journal: Journal of Theoretical and Applied Information Technology
Print ISSN: 1992-8645
Electronic ISSN: 1817-3195
Publication year: 2013
Volume: 49
Issue: 1
Publisher: Journal of Theoretical and Applied
Abstract: Signature-based malware detection is a fundamental technique that detects malware by generating signatures. This detection, however, is unable to detect obfuscated malware unless a pre-generated signature is stored in the database. In this paper, we propose a combination of known packer detection, an unpacking module, and heuristic scanning techniques to find and block a malicious program before it manages to execute locally. Unpacking is the process of stripping packer layers and restoring the original contents. This module contains self-decryption script bodies that are devised to detect and extract the hidden code bodies of obfuscated malware. Hence, the scanning process deals only with the real malware body, not with junk blocks or junk subroutine code. This paper also describes the implementation and the evaluation of our virus scanning mechanisms. Finally, we present experimental results of our proposed techniques, and the results show that our test set is highly accurate.