By Silvio Cesare, Yang Xiang

Software similarity and classification is an emerging topic with wide applications. It is applicable to the areas of malware detection, software theft detection, plagiarism detection, and software clone detection. Extracting software features, processing those features into suitable representations, and constructing distance metrics to define similarity and dissimilarity are the key methods to identify software variants, clones, derivatives, and classes of software. Software Similarity and Classification reviews the literature of those core concepts, as well as the relevant literature in each application, and demonstrates that considering these applied problems as a similarity and classification problem allows techniques to be shared between areas. In addition, the authors present in-depth case studies using the software similarity and classification techniques developed throughout the book.

Best network security books

IPSec (2nd Edition)

IPSec, Second Edition is the most authoritative, comprehensive, accessible, and up-to-date guide to IPSec technology. Leading authorities cover all facets of IPSec architecture, implementation, and deployment; review important technical advances since IPSec was first standardized; and present new case studies demonstrating end-to-end IPSec security.

A Survey of Data Leakage Detection and Prevention Solutions

SpringerBriefs present concise summaries of cutting-edge research and practical applications across a wide spectrum of fields. Featuring compact volumes of 50 to 100 pages (approximately 20,000-40,000 words), the series covers a range of content from professional to academic. Briefs allow authors to present their ideas and readers to absorb them with minimal time investment.

Unified Communications Forensics. Anatomy of Common UC Attacks

Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure (UC) environment. This book is written by leading UC experts Nicholas Grant and Joseph W.

CCSP Self-Study CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide

Network security is a very complex business. The Cisco PIX Firewall performs some very specific functions as part of the security process. It is important to be familiar with many networking and network security concepts before you undertake the CSPFA certification. This book is designed for security professionals or networking professionals who are interested in beginning the security certification process.

Extra info for Software Similarity and Classification

Example text

Dynamic objects have both a relocatable view and an executable view; shared libraries use this format. Dynamic linking is slightly different to the PE format and uses a Global Offset Table (GOT) and a stub call to the runtime linker to resolve imports.

3 Java Class File

Java class files [6] contain object code in sections defined in the file’s headers. The object code is in the instruction format for execution on the Java Virtual Machine. Like the previous object file format, a sequence of marker bytes (the magic bytes) in the header identifies the file format.

Polymorphism borrows many of the techniques from the field of program obfuscation. Polymorphism is sometimes described by the similar term of metamorphism. In that usage it is used to describe the automated syntactic mutation of the malware’s code and instructions. Under such terminology, polymorphism is used to describe syntactic mutation of limited parts of the malware’s instruction content. The remaining parts of the malware are encoded at the byte level without regard to the instruction syntax or semantics.

After the restoration routine of one packing transformation has been applied, control may transfer to another packed layer. The original entry point is derived from the last such layer. The process of this form of malware packing is shown in Fig. 7.

10 Shifting Decode Frame

An extension to traditional code packing is to maintain as much of the packed image in an encrypted form at run-time. During execution of the malware, blocks of memory can be decrypted as needed and subsequently re-encrypted to prevent an analyst or

[Figure, from chapter 3, Program Transformations and Obfuscations. Labels: Shifting Decode Frame, Restoration Routine, Runtime Packing, Original Code, Original Executable, Hidden Code = f(Original Code), Packed Executable, Memory Image at Runtime.]
