Malware phylogeny oriented to libraries analysis

Authors

  • Juan Manuel Gutiérrez-Cárdenas Universidad de Lima (Perú)
  • Leopoldo Lenin Orihuela Caltec (Perú)

DOI:

https://doi.org/10.26439/interfases2016.n009.1241

Keywords:

malware, string similarity, phylogeny

Abstract

In computational biology, phylogeny is used to recognize the similarities between species and the evolutionary forces that have driven their modification over time. Applying phylogenetic techniques to computer viruses has made it possible to find similarities between different malware families. This study presents a proof-of-concept implementation that applies a technique from bioinformatics, the Neighbor Joining algorithm, to the analysis of a set of malware samples. The aim is to detect the similarity between the gathered samples based on the similarity of the system libraries that such programs use.
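The pipeline the abstract describes, as an added example that is not the paper's own code: each sample is reduced to the set of system libraries (DLL names) it imports, the pairwise Jaccard distance between those sets forms the distance matrix, and the Neighbor Joining method of Saitou and Nei (1987) turns that matrix into an unrooted tree written in Newick format, which NJPlot can display. The five samples A..E and their import sets are constructed for illustration and are not the imports of any real malware family; in practice each set would be read from the sample's PE import table (for instance with a PE viewer such as PEBrowse64, or a PE-parsing library).

```python
"""Neighbor Joining over import-library similarity (added example, not the
paper's code): Jaccard distance between import sets -> distance matrix ->
Saitou & Nei Neighbor Joining -> Newick text."""
from itertools import combinations

# Constructed import sets for five hypothetical samples A..E. These are NOT the
# imports of any real malware family; in practice each set is read from the
# sample's PE import table (e.g. with PEBrowse64 or a PE-parsing library).
SAMPLES = {
    "A": {"kernel32.dll", "user32.dll", "wsock32.dll", "advapi32.dll"},
    "B": {"kernel32.dll", "user32.dll", "wsock32.dll", "advapi32.dll", "shell32.dll"},
    "C": {"kernel32.dll", "ws2_32.dll", "wininet.dll", "ole32.dll"},
    "D": {"kernel32.dll", "ws2_32.dll", "wininet.dll", "ole32.dll", "msvcrt.dll"},
    "E": {"kernel32.dll", "ntdll.dll", "crypt32.dll", "advapi32.dll"},
}


def jaccard_distance(libs_a, libs_b):
    """1 - |A & B| / |A | B|: 0.0 for identical import sets, 1.0 for disjoint ones."""
    union = libs_a | libs_b
    if not union:  # two samples with no imports at all (e.g. fully packed) count as identical
        return 0.0
    return 1.0 - len(libs_a & libs_b) / len(union)


def distance_matrix(samples):
    """Sorted sample names and the symmetric matrix of pairwise import distances."""
    names = sorted(samples)
    dist = [[0.0] * len(names) for _ in names]
    for i, j in combinations(range(len(names)), 2):
        dist[i][j] = dist[j][i] = jaccard_distance(samples[names[i]], samples[names[j]])
    return names, dist


def neighbor_joining(names, dist):
    """Saitou & Nei (1987) Neighbor Joining. A tree node is a leaf name (str) or a
    tuple of (child, branch_length) records. The tree is unrooted, so the last
    three nodes are joined at a trifurcating root, as PHYLIP's neighbor does."""
    if len(names) < 3:
        raise ValueError("Neighbor Joining needs at least three samples")
    nodes = list(names)
    d = [row[:] for row in dist]  # working copy; loses one row/column per join
    while len(nodes) > 3:
        n = len(nodes)
        r = [sum(row) for row in d]  # net divergence of each node
        # The pair minimising Q = (n-2)*d_ij - r_i - r_j are neighbours (ties: first found).
        f, g = min(combinations(range(n), 2),
                   key=lambda p: (n - 2) * d[p[0]][p[1]] - r[p[0]] - r[p[1]])
        len_f = d[f][g] / 2 + (r[f] - r[g]) / (2 * (n - 2))
        len_g = d[f][g] - len_f
        keep = [k for k in range(n) if k not in (f, g)]
        u_row = [(d[f][k] + d[g][k] - d[f][g]) / 2 for k in keep]  # new node u to each k
        d = [[d[a][b] for b in keep] + [u_row[i]] for i, a in enumerate(keep)]
        d.append(u_row + [0.0])
        nodes = [nodes[k] for k in keep] + [((nodes[f], len_f), (nodes[g], len_g))]
    a, b, c = 0, 1, 2  # three-point formula: l_a = (d_ab + d_ac - d_bc) / 2, etc.
    return ((nodes[a], (d[a][b] + d[a][c] - d[b][c]) / 2),
            (nodes[b], (d[a][b] + d[b][c] - d[a][c]) / 2),
            (nodes[c], (d[a][c] + d[b][c] - d[a][b]) / 2))


def to_newick(tree):
    """Render the tree as Newick text, e.g. '((A:0.1,B:0.1):0.3,C:0.4,D:0.5);'."""
    def render(record):
        node, length = record
        if isinstance(node, str):
            return f"{node}:{length:.4f}"
        return "(" + ",".join(render(child) for child in node) + f"):{length:.4f}"
    return "(" + ",".join(render(child) for child in tree) + ");"


def bipartitions(tree):
    """Non-trivial splits of the unrooted tree, one per internal edge, as frozensets
    of the two leaf-name sides. Unlike the nesting of the Newick text this does not
    depend on how ties in Q were broken, so it is what to compare between runs."""
    def leaves(node):
        return {node} if isinstance(node, str) else set().union(*(leaves(c) for c, _ in node))
    all_leaves = frozenset(leaves(tree))
    splits = set()

    def walk(node):
        if isinstance(node, str):
            return
        for child, _ in node:
            side = frozenset(leaves(child))
            if 1 < len(side) < len(all_leaves) - 1:
                splits.add(frozenset((side, all_leaves - side)))
            walk(child)
    walk(tree)
    return splits


def build_tree(samples=SAMPLES):
    names, dist = distance_matrix(samples)
    return neighbor_joining(names, dist)


if __name__ == "__main__":
    print(to_newick(build_tree()))  # paste into NJPlot or any Newick viewer
```

Two caveats when reading such a tree as a malware analyst. Nearly every Windows PE imports kernel32.dll, so shared system libraries inflate the similarity of unrelated samples, and packed samples or samples that resolve their API at run time through LoadLibrary/GetProcAddress expose almost no import table at all, which Jaccard distance then scores as near-identical to one another. The tree is therefore a way of grouping samples for a human to inspect further (in the paper's workflow, with a PE viewer and a hex editor), not an attribution on its own. Neighbor Joining can also return slightly negative branch lengths; display tools conventionally clamp them to zero.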

Author Biography

  • Juan Manuel Gutiérrez-Cárdenas, Universidad de Lima (Perú)

    Systems Engineer from the Universidad Católica de Santa María; MSc in Bioinformatics from the University of Helsinki, Finland, awarded by that university's Department of Computer Science. PhD candidate in Computer Science Education at the University of South Africa. Higher Diploma in Computer Science from the University of the Witwatersrand, South Africa. He has published in the fields of computing education, computer security and bioinformatics, in conferences and journals of those specialties. DINA and Regina researcher qualified by Concytec. He has served as a curriculum advisor at several prestigious universities in Lima.

References

Aycock, J. (2006). Computer Viruses and Malware. New York: Springer.

Carrera, E., & Erdélyi, G. (2004). Digital Genome Mapping: Advanced Binary Malware Analysis. Virus Bulletin Conference (pp. 187-197).

Filiol, E. (2005). Computer Viruses: From Theory to Applications. Paris: Springer-Verlag.

Gheorghescu, M. (2005). An Automated Virus Classification System. Virus Bulletin Conference (pp. 294-300).

Goldberg, L., Goldberg, P., Phillips, C., & Sorkin, G. (1998). Constructing Computer Virus Phylogenies. Journal of Algorithms, 26(1), 188-208.

Haubold, B., & Wiehe, T. (2006). Introduction to Computational Biology: An Evolutionary Approach. Basel, Switzerland: Birkhäuser Verlag.

HexEdit (Version 4.0) [Software]. (2012). Retrieved from http://www.hexedit.com/

Karim, E., Walenstein, A., Lakhotia, A., & Parida, L. (2005). Malware Phylogeny Generation Using Permutations of Code. Journal in Computer Virology, 1(1-2), 13-23.

Khoo, W., & Lió, P. (2011). Unity in Diversity: Phylogenetic-Inspired Techniques for Reverse Engineering and Detection of Malware Families. 2011 First SysSec Workshop (pp. 3-10). IEEE. DOI: 10.1109/SysSec.2011.24

Mimail. (n.d.). In The Virus Encyclopedia. Retrieved from http://virus.wikidot.com/mimail

Mount, D. (2001). Bioinformatics: Sequence and Genome Analysis. New York: Cold Spring Harbor Laboratory Press.

Myers, E. (1986). An O(ND) Difference Algorithm and Its Variations. Algorithmica, 1, 251-266.

Needleman, S., & Wunsch, C. (1970). A General Method Applicable to the Search for Similarities in the Amino Acid Sequence of Two Proteins. Journal of Molecular Biology, 48(3), 443-453.

NJPlot (Version 2.3) [Software]. (2015). Retrieved from http://njplot.software.informer.com/download/

PEBrowse64 Professional [Software]. (2016). Retrieved from http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html

Podrezov, A. (2003). Mimail.K. Threat Description. F-Secure. Retrieved from https://www.f-secure.com/v-descs/mimail_k.shtml

Saitou, N., & Nei, M. (1987). The Neighbor-Joining Method: A New Method for Reconstructing Phylogenetic Trees. Molecular Biology and Evolution, 4(4), 406-425.

Symantec (2007a). W32.Blaster.F.Worm. Retrieved from https://www.symantec.com/security_response/writeup.jsp?docid=2003-090105-2513-99

Symantec (2007b). W32.Mydoom.A@mm. Retrieved from https://www.symantec.com/security_response/writeup.jsp?docid=2004-012612-5422-99&tabid=2

What is the Blaster Worm? (n.d.). In Techopedia. Retrieved from https://www.techopedia.com/definition/27295/blaster-worm

The Newick tree format. (n.d.). In PHYLIP. Retrieved from http://evolution.genetics.washington.edu/phylip/newicktree.html

WinHex [Software]. (2016). Retrieved from https://www.x-ways.net/winhex/

Published

2016-03-29

Section

Research papers

How to Cite

Malware phylogeny oriented to libraries analysis. (2016). Interfases, 9(009), 67-86. https://doi.org/10.26439/interfases2016.n009.1241