I haven’t blogged for a few months. I’ve been busy finishing a prototype malware classification system based on flowgraph similarity. That has resulted in submitting a paper to the 8th Australasian Symposium on Parallel and Distributed Computing (AusPDC 2010) http://www.cse.unsw.edu.au/~rajivr/auspdc2010/. The system I developed and discussed in that submission is not fast enough for real-time use in desktop and email gateway antivirus. To remedy that, I’ve also been working on a simpler flowgraph-based classification system. It detects fewer malware variants but performs in near real time. I’ve finished a basic prototype and hope to write up my results and submit to an ACM conference by the end of September. I will write up more details about both systems after publication, which will be in January 2010 at the earliest.


4 responses to “Updates”

  1. Hi Silvio,
    I may be of help; I have been working on a flowgraph matching engine for several months, and I was able to achieve almost real-time detection.

  2. Hi. Thanks for the information – I was unaware of your work. I have been reading through some of your publications, and it’s very interesting research. Your main contribution appears to be converting CFGs to a tree, and then using a fast and sound algorithm to recognize (malware) CFGs based on constructing an automaton – this seems like a very scalable and good approach. I still need to read your work more thoroughly, but from what I can gather, our research differs in several ways – in my submitted AusPDC paper I look at approximate flowgraph matching. Following that, the paper I am working on currently will include inexact matching but additionally focus on exact matching for faster classification. As you have identified, exact matching can enable a fast classification system. The approach you take for this differs from my approach, and in fact our classification algorithms would give different results for different varieties of malware. I think there are plenty of possible research directions that are still left to explore. I will certainly include your research in my literature review and reference it in the paper I’m working on.

  3. Sounds interesting. I can hardly wait for the publication of the paper!

  4. “approximate flowgraph matching. Following that, the paper I am working on currently will i”.
    That’s great. I remember reading an article on such matching with a kind of edit distance between graphs, analogous to the one in phylogeny, but the definition was a bit buggy.
    I’ll definitely read your article!
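An added toy illustration of the trade-off the second reply describes (exact matching as a constant-time lookup, approximate matching as a slower similarity scan) and the graph edit distance the fourth reply mentions. This is not the author's system or the commenter's engine: the canonical CFG signature, the token-level edit distance, the 0.5 threshold and the four sample graphs are all assumptions constructed here.

```python
from collections import deque

def cfg_signature(cfg, entry):
    """Canonical string for a CFG given as {block: [ordered successors]}.
    Blocks are numbered in BFS order from the entry, so renaming blocks
    leaves the signature unchanged and exact matching is a set lookup."""
    rank, queue, tokens = {entry: 0}, deque([entry]), []
    while queue:
        node = queue.popleft()
        succs = cfg.get(node, [])
        for s in succs:                      # successor order is structural (fall-through, then branch)
            if s not in rank:
                rank[s] = len(rank)
                queue.append(s)
        tokens.append(f"{len(succs)}>{','.join(str(rank[s]) for s in succs)}")
    return ";".join(tokens)

def token_edit_distance(a, b):
    """Levenshtein distance over per-block tokens: insert/delete a block, or
    change its branching. A cheap stand-in for a true graph edit distance."""
    prev = list(range(len(b) + 1))
    for i, ta in enumerate(a, 1):
        cur = [i]
        for j, tb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ta != tb)))
        prev = cur
    return prev[-1]

def similarity(sig_a, sig_b):
    ta, tb = sig_a.split(";"), sig_b.split(";")
    return 1.0 - token_edit_distance(ta, tb) / max(len(ta), len(tb))

def classify(cfg, entry, known, threshold=0.5):
    """Fast path: exact signature hit. Slow path: best similarity over all known signatures."""
    sig = cfg_signature(cfg, entry)
    if sig in known:
        return "exact", 1.0
    best = max(similarity(sig, k) for k in known)
    return ("approximate" if best >= threshold else "unknown"), best

# Constructed sample graphs: a loop, the same loop with renamed blocks,
# a variant with a junk block inserted in the loop body, and an unrelated graph.
ORIGINAL  = {"a": ["b"], "b": ["c", "d"], "c": ["b"], "d": []}
RENAMED   = {"x": ["y"], "y": ["z", "w"], "z": ["y"], "w": []}
VARIANT   = {"a": ["b"], "b": ["c", "d"], "c": ["e"], "e": ["b"], "d": []}
UNRELATED = {"p": ["q", "r"], "q": [], "r": []}
KNOWN = {cfg_signature(ORIGINAL, "a")}

if __name__ == "__main__":
    for name, g, e in [("renamed", RENAMED, "x"), ("variant", VARIANT, "a"), ("unrelated", UNRELATED, "p")]:
        print(name, classify(g, e, KNOWN))
```

The renamed copy hits the exact path, the padded variant only the approximate one, which is the detection-versus-speed gap the post describes between its two prototypes.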
