automatic code features extraction using bio inspired
play

Automatic code features extraction using bio-inspired algorithms - - PDF document

Aug 09, 2023 •283 likes •820 views

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/308793546 Automatic code features extraction using bio-inspired algorithms - presentation Data October 2016 CITATIONS READS 0 35 3

  1. See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/308793546 Automatic code features extraction using bio-inspired algorithms - presentation Data · October 2016 CITATIONS READS 0 35 3 authors , including: Ciprian Oprisa Adrian Cole ș a Universitatea Tehnica Cluj-Napoca Universitatea Tehnica Cluj-Napoca 32 PUBLICATIONS 70 CITATIONS 32 PUBLICATIONS 67 CITATIONS SEE PROFILE SEE PROFILE Some of the authors of this publication are also working on these related projects: Virtualization-Based Security of User Security-Sensitive Applications View project All content following this page was uploaded by Ciprian Oprisa on 03 October 2016. The user has requested enhancement of the downloaded file.

  2. Automatic Code Features Extraction Using Bio-inspired Algorithms EICAR 2013 Ciprian Opris , a , George Cab˘ au and Adrian Coles , a Bitdefender, Technical University of Cluj-Napoca November 18, 2013

  3. Agenda Introduction 1 Objectives 2 OpCodes Extraction and Normalization 3 Automatic Filters Selection 4 Experimental results 5 Conclusions and future work 6 C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 2 / 25

  4. 1. Introduction Agenda Introduction 1 Objectives 2 OpCodes Extraction and Normalization 3 Automatic Filters Selection 4 Experimental results 5 Conclusions and future work 6 C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 3 / 25

  5. 1. Introduction Where are we? (1) We need to detect malware. � �� � ↓ Hash(es) ↓ ? Malware database ւ ց C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 4 / 25

  6. 1. Introduction Where are we? (2) � �� � ↓ C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 5 / 25

  7. 1. Introduction Where are we? (2) � �� � ↓ → push , mov , sub , mov , push , lea , push , call , mov , . . . → pmsmplpcmlpctjczczczmJ C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 5 / 25

  8. 1. Introduction Where are we? (2) � �� � ↓ → push , mov , sub , mov , push , lea , push , call , mov , . . . → pmsmplpc mlpctjczczczmJ <pmsmplpc> C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 5 / 25

  9. 1. Introduction Where are we? (2) � �� � ↓ → push , mov , sub , mov , push , lea , push , call , mov , . . . → p msmplpcm lpctjczczczmJ <pmsmplpc> , <msmplpcm> C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 5 / 25

  10. 1. Introduction Where are we? (2) � �� � ↓ → push , mov , sub , mov , push , lea , push , call , mov , . . . → pm smplpcml pctjczczczmJ <pmsmplpc> , <msmplpcm> , <smplpcml> C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 5 / 25

  11. 1. Introduction Where are we? (2) � �� � ↓ → push , mov , sub , mov , push , lea , push , call , mov , . . . → pms mplpcmlp ctjczczczmJ <pmsmplpc> , <msmplpcm> , <smplpcml> , <mplpcmlp> C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 5 / 25

  12. 1. Introduction Where are we? (2) � �� � ↓ → push , mov , sub , mov , push , lea , push , call , mov , . . . → pmsm plpcmlpc tjczczczmJ <pmsmplpc> , <msmplpcm> , <smplpcml> , <mplpcmlp> , <plpcmlpc> C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 5 / 25

  13. 1. Introduction Where are we? (2) � �� � ↓ → push , mov , sub , mov , push , lea , push , call , mov , . . . → pmsmplpcmlpctjczczczmJ <pmsmplpc> , <msmplpcm> , <smplpcml> , <mplpcmlp> , <plpcmlpc> , . . . C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 5 / 25

  14. 1. Introduction Where are we? (2) � �� � ↓ → push , mov , sub , mov , push , lea , push , call , mov , . . . → pmsmplpcmlpctjczczczmJ <pmsmplpc> , <msmplpcm> , <smplpcml> , <mplpcmlp> , <plpcmlpc> , . . . ↓ ? Malware database ւ ց C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 5 / 25

  15. 2. Objectives Agenda Introduction 1 Objectives 2 OpCodes Extraction and Normalization 3 Automatic Filters Selection 4 Experimental results 5 Conclusions and future work 6 C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 6 / 25

  16. 2. Objectives Objectives Goal Improve detection on .NET malware by filtering the OpCodes to extract more meaningful n-grams. Extract OpCode sequences from .NET applications. Eliminate unreachable code. Design a fitness function to evaluate the quality of an OpCode filter. Use bio-inspired algorithms to find the best filter. C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 7 / 25

  17. 3. OpCodes Extraction and Normalization Agenda Introduction 1 Objectives 2 OpCodes Extraction and Normalization 3 Automatic Filters Selection 4 Experimental results 5 Conclusions and future work 6 C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 8 / 25

  18. 3. OpCodes Extraction and Normalization Parsing and disassembling .NET === Method 4: name=’mpress._::Main’; RVA=0x0000254C; FA=0x0000074C; size=0x9A === = Exception handlers: 000025D6; = An extension of the 0000254C: [00] nop 0000254D: [28 0E 00 00 0A] call 0x0A00000E Microsoft Portable 00002552: [12 00] ldloca.s 0x00 00002554: [28 03 00 00 06] call 0x06000003 Executable format 00002559: [13 06] stloc.s 0x06 0000255B: [11 06] ldloc.s 0x06 0000255D: [2D 10] brtrue.s 0x10 Many, many tables 0000255F: [00] nop 00002560: [72 01 00 00 70] ldstr 0x70000001 00002565: [72 23 00 00 70] ldstr 0x70000023 0000256A: [28 0F 00 00 0A] call 0x0A00000F 0000256F: [26] pop 00002570: [15] ldc.i4.m1 00002571: [13 05] stloc.s 0x05 00002573: [2B 02] br.s 0x02 00002575: [26] pop 00002576: [06] ldloc.0 00002577: [28 10 00 00 0A] call 0x0A000010 0000257C: [80 01 00 00 04] stsfld 0x04000001 00002581: [7E 01 00 00 04] ldsfld 0x04000001 00002586: [6F 11 00 00 0A] callvirt 0x0A000011 0000258B: [0B] stloc.1 ... C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 9 / 25

  19. 3. OpCodes Extraction and Normalization Parsing and disassembling .NET === Method 4: name=’mpress._::Main’; RVA=0x0000254C; FA=0x0000074C; size=0x9A === = Exception handlers: 000025D6; = An extension of the 0000254C: [00] nop 0000254D: [28 0E 00 00 0A] call 0x0A00000E Microsoft Portable 00002552: [12 00] ldloca.s 0x00 00002554: [28 03 00 00 06] call 0x06000003 Executable format 00002559: [13 06] stloc.s 0x06 0000255B: [11 06] ldloc.s 0x06 0000255D: [2D 10] brtrue.s 0x10 Many, many tables 0000255F: [00] nop 00002560: [72 01 00 00 70] ldstr 0x70000001 00002565: [72 23 00 00 70] ldstr 0x70000023 0000256A: [28 0F 00 00 0A] call 0x0A00000F 0000256F: [26] pop 00002570: [15] ldc.i4.m1 00002571: [13 05] stloc.s 0x05 00002573: [2B 02] br.s 0x02 00002575: [26] pop 00002576: [06] ldloc.0 00002577: [28 10 00 00 0A] call 0x0A000010 0000257C: [80 01 00 00 04] stsfld 0x04000001 00002581: [7E 01 00 00 04] ldsfld 0x04000001 00002586: [6F 11 00 00 0A] callvirt 0x0A000011 0000258B: [0B] stloc.1 ... C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 9 / 25

  20. 3. OpCodes Extraction and Normalization Parsing and disassembling .NET === Method 4: name=’mpress._::Main’; RVA=0x0000254C; FA=0x0000074C; size=0x9A === = Exception handlers: 000025D6; = An extension of the 0000254C: [00] nop 0000254D: [28 0E 00 00 0A] call 0x0A00000E Microsoft Portable 00002552: [12 00] ldloca.s 0x00 00002554: [28 03 00 00 06] call 0x06000003 Executable format 00002559: [13 06] stloc.s 0x06 0000255B: [11 06] ldloc.s 0x06 0000255D: [2D 10] brtrue.s 0x10 Many, many tables 0000255F: [00] nop 00002560: [72 01 00 00 70] ldstr 0x70000001 00002565: [72 23 00 00 70] ldstr 0x70000023 0000256A: [28 0F 00 00 0A] call 0x0A00000F 0000256F: [26] pop 00002570: [15] ldc.i4.m1 00002571: [13 05] stloc.s 0x05 00002573: [2B 02] br.s 0x02 00002575: [26] pop 00002576: [06] ldloc.0 00002577: [28 10 00 00 0A] call 0x0A000010 0000257C: [80 01 00 00 04] stsfld 0x04000001 00002581: [7E 01 00 00 04] ldsfld 0x04000001 00002586: [6F 11 00 00 0A] callvirt 0x0A000011 0000258B: [0B] stloc.1 ... C. Opris , a (Bitdefender) Automatic Code Features Extraction Using Bio-inspired Algorithms November 18, 2013 9 / 25

Recommend

Automatic text classification and extraction of Automatic text classification and extraction of

Automatic text classification and extraction of Automatic text classification and extraction of

Automatic text classification and extraction of Automatic text classification and extraction of entities and their properties from the text entities and their properties from the text Anton Kolonin Webstructor project 2015, SIBIRCON/SibMedInfo

1.01k views • 16 slides
BBN VISER TRECVID MED 11 System 1/12/2012 1 Outline Overview Feature Extraction

BBN VISER TRECVID MED 11 System 1/12/2012 1 Outline Overview Feature Extraction

BBN VISER TRECVID MED 11 System 1/12/2012 1 Outline Overview Feature Extraction Low-level Features High-level Features: Objects and Concepts Automatic Speech Recognition (ASR) Features Videotext OCR Event Detection

719 views • 42 slides
Automatic Extraction From Automatic Extraction From and Reasoning About and Reasoning About

Automatic Extraction From Automatic Extraction From and Reasoning About and Reasoning About

Automatic Extraction From Automatic Extraction From and Reasoning About and Reasoning About Genealogical Records: A Genealogical Records: A Prototype Prototype By By Charla J. Woodbury,* David W . Embley,* Stephen W . Charla J.

699 views • 34 slides
Rhine Overview of Rhine - Lisp style language - Automatic type inspired by Clojure conversion

Rhine Overview of Rhine - Lisp style language - Automatic type inspired by Clojure conversion

Rhine Overview of Rhine - Lisp style language - Automatic type inspired by Clojure conversion - S-Expressions - First class functions - Built on top of LLVM - External C bindings - Dynamic typing - Types - Functional features Example:

326 views • 11 slides
Feature Extraction 7-1 Ronald Peikert SciVis 2008 - Feature Extraction What are features?

Feature Extraction 7-1 Ronald Peikert SciVis 2008 - Feature Extraction What are features?

Feature Extraction 7-1 Ronald Peikert SciVis 2008 - Feature Extraction What are features? Features are inherent properties of data, independent of coordinate frames etc. Dimension of a feature: 0: point feature (often defined by n

322 views • 30 slides
Feature Extraction 7-1 Ronald Peikert SciVis 2007 - Feature Extraction What are features?

Feature Extraction 7-1 Ronald Peikert SciVis 2007 - Feature Extraction What are features?

Feature Extraction 7-1 Ronald Peikert SciVis 2007 - Feature Extraction What are features? Features are inherent properties of data, independent of coordinate frames etc. Dimension of a feature: 0: point feature (often defined by n

840 views • 30 slides
Introduction The automatic detection and extraction of Semantic Relations is a crucial step to

Introduction The automatic detection and extraction of Semantic Relations is a crucial step to

Causal Relation Extraction Eduardo Blanco, Nuria Castell, Dan Moldovan HLT Research Institute, TALP Research Centre, Lymba Corporation LREC 2008, Marrakech Introduction The automatic detection and extraction of Semantic Relations is a

285 views • 16 slides
Automatic Wrapper Generation and Data Extraction Kristina Lerman University of Southern

Automatic Wrapper Generation and Data Extraction Kristina Lerman University of Southern

Automatic Wrapper Generation and Data Extraction Kristina Lerman University of Southern California August 25, 2010 University of Southern California 1 Automatic Data Extraction Data extraction with wrappers Users specifies the schema

765 views • 40 slides
Reducing Over-generation Errors for Automatic Keyphrase Extraction using Integer Linear

Reducing Over-generation Errors for Automatic Keyphrase Extraction using Integer Linear

Reducing Over-generation Errors for Automatic Keyphrase Extraction using Integer Linear Programming Florian Boudin LINA - UMR CNRS 6241, Universit de Nantes, France Keyphrase 2015 1 / 22 Errors made by keyphrase extraction systems

246 views • 22 slides
Compilation Techniques for Automatic Extraction of Parallelism and Locality in Heterogeneous

Compilation Techniques for Automatic Extraction of Parallelism and Locality in Heterogeneous

Compilation Techniques for Automatic Extraction of Parallelism and Locality in Heterogeneous Architectures Jos M. Andin P H D A DVISORS : Gabriel Rodrguez and Manuel Arenaz Outline 1. Introduction 2. A Novel Compiler Support for

1.55k views • 122 slides
fml Introduction Features Code Example Summary Outline Introduction 1 Features 2 Code

fml Introduction Features Code Example Summary Outline Introduction 1 Features 2 Code

Introduction Features Code Example Summary The SHOGUN Machine Learning Toolbox (and its R interface) oren Sonnenburg 1 , 2 , Gunnar R atsch 2 ,Sebastian Henschel 2 , S Christian Widmer 2 ,Jonas Behr 2 ,Alexander Zien 2 ,Fabio De Bona 2

637 views • 20 slides
CERMINE automatic extraction of metadata and references from scientific literature Dominika

CERMINE automatic extraction of metadata and references from scientific literature Dominika

CERMINE automatic extraction of metadata and references from scientific literature Dominika Tkaczyk, Pawel Szostek, Piotr Jan Dendek, Mateusz Fedoryszak and Lukasz Bolikowski Interdisciplinary Centre for Mathematical and Computational

355 views • 21 slides
Automatic Extraction of Road Intersection Position, Connectivity , and Orientations from Raster

Automatic Extraction of Road Intersection Position, Connectivity , and Orientations from Raster

Automatic Extraction of Road Intersection Position, Connectivity , and Orientations from Raster Maps Yao-Yi Chiang and Craig Knoblock University of Southern California D epartment of Computer Science and Information Sciences Institute 0

880 views • 57 slides
+ Event Detection Automatic Extraction of Archaeological Events from Text Wenbin Li

+ Event Detection Automatic Extraction of Archaeological Events from Text Wenbin Li

+ Event Detection Automatic Extraction of Archaeological Events from Text Wenbin Li littletransformer@gmail.com The Saarbrcken Graduate School of Computer Science + Outline Overview Background Semantic web Natural language

228 views • 22 slides
Automatic Extraction of Conceptual Interoperability Constraints from API Documentation Master

Automatic Extraction of Conceptual Interoperability Constraints from API Documentation Master

Automatic Extraction of Conceptual Interoperability Constraints from API Documentation Master Thesis Mohammed Abujayyab First supervisor: Prof. Dr. Dr. h.c. H. Dieter Rombach Second supervisor: Hadil Abukwaik, MSc . 13.04.2016 Outline

833 views • 44 slides
Automatic Extraction of Road Intersections from Raster Maps Yao-Yi Chiang, Craig A. Knoblock

Automatic Extraction of Road Intersections from Raster Maps Yao-Yi Chiang, Craig A. Knoblock

Automatic Extraction of Road Intersections from Raster Maps Yao-Yi Chiang, Craig A. Knoblock and Ching-Chien Chen University of Southern California Department of Computer Science and Information Sciences Institute Outline Introduction

842 views • 35 slides
Automatic Glomerulus Extraction in Whole Slide Images Towards Computer Aided Diagnosis Yan Zhao

Automatic Glomerulus Extraction in Whole Slide Images Towards Computer Aided Diagnosis Yan Zhao

Automatic Glomerulus Extraction in Whole Slide Images Towards Computer Aided Diagnosis Yan Zhao 1 , Edgar Black 1 , Kenton McHenry 1 , Rachana Patil 3 , Andre Balla 3 and Amelia Norma Kenyon 2 Bartholomew 3 1 National Center for Supercomputing

508 views • 16 slides
Automatic Extraction of Sliced Object State Machines for Component Interfaces Tao Xie David

Automatic Extraction of Sliced Object State Machines for Component Interfaces Tao Xie David

Automatic Extraction of Sliced Object State Machines for Component Interfaces Tao Xie David Notkin Dept. of Computer Science &amp; Engineering University of Washington, Seattle SAVCBS 04 Oct. 2004 1 Motivation Software components

303 views • 29 slides
Thresholds for methods of automatic extraction of time series trend and periodical components with

Thresholds for methods of automatic extraction of time series trend and periodical components with

Thresholds for methods of automatic extraction of time series trend and periodical components with the help of the Caterpillar-SSA approach Th.Alexandrov, N.Golyandina theo@pdmi.ras.ru, nina@ng1174.spb.edu St.Petersburg State University

180 views • 14 slides
Automatic Collocation Extraction from Text Corpora Pavel Pecina Ustav form aln a

Automatic Collocation Extraction from Text Corpora Pavel Pecina Ustav form aln a

Outline Automatic Collocation Extraction from Text Corpora Pavel Pecina Ustav form aln a aplikova ne lingvistiky MFF UK Praha May 17, 2004 Pavel Pecina Automatic Collocation Extraction from Text Corpora Outline Outline 1

476 views • 45 slides
Automatic Highlights Extraction in Cricket Anjani Kumar(11101) Guided By: Sumedh

Automatic Highlights Extraction in Cricket Anjani Kumar(11101) Guided By: Sumedh

CS365A - ARTIFICIAL INTELLIGENCE Project Proposal Automatic Highlights Extraction in Cricket Anjani Kumar(11101) Guided By: Sumedh Masulkar(11736) Dr. Amitabha Mukerjee Aim Extracting highlights automatically from a sports video using

347 views • 23 slides
Automatic extraction of paraphrasing rules: A survey and plans for future work Prodromos

Automatic extraction of paraphrasing rules: A survey and plans for future work Prodromos

Automatic extraction of paraphrasing rules: A survey and plans for future work Prodromos Malakasiotis, Ph.D. student Department of Informatics Athens University of Economics and Business rulller@aueb.gr 1 What is Paraphrasing? X is

497 views • 24 slides
Extraction of information in large graphs Automatic search for synonyms Pierre Senellart, under

Extraction of information in large graphs Automatic search for synonyms Pierre Senellart, under

Extraction of information in large graphs Automatic search for synonyms Pierre Senellart, under the direction of Prof. Vincent Blondel June 5th 2001 - August 3rd 2001 The dictionary graph Computation (n.) The act or process of computing;

497 views • 26 slides
Automatic Extraction of Object-Oriented Observer Abstractions from Unit-Test Executions Tao Xie

Automatic Extraction of Object-Oriented Observer Abstractions from Unit-Test Executions Tao Xie

Automatic Extraction of Object-Oriented Observer Abstractions from Unit-Test Executions Tao Xie David Notkin Dept. of Computer Science &amp; Engineering University of Washington, Seattle Nov. 2004 ICFEM 04, Seattle 1 of 24 Motivation

477 views • 25 slides

More recommend