Special Offers
- Acquire a Source of Open Access (OA) APC Funding for Your Institution Through
  IGI Global's OA Fee Waiver (Offset Model) Initiative
  For any library that invests in IGI Global's InfoSci-Books and/or InfoSci-Journals databases, IGI Global will match the library’s investment with a fund of equal value to go toward subsidizing the OA APCs for their faculty patrons when their work is submitted/accepted under OA into an IGI Global journal.
  Learn More
- Subscribe to the Latest Research Through IGI Global's InfoSci-OnDemand Plus
  InfoSci®-OnDemand Plus, a subscription-based service, provides researchers the ability to access full-text content from over 100,000+ peer-reviewed book chapters and 25,000+ scholarly journal articles that spans across 350+ topics in 11 core subjects. Users can select articles or chapters that meet their interests and gain access to the full content permanently in their personal online InfoSci-OnDemand Plus library.
  Subscribe
- Purchase the Encyclopedia of Information Science and Technology, Fourth Edition
  and Receive Complimentary E-Books of Previous Editions
  When ordering directly through IGI Global's Online Bookstore, receive the complimentary e-books for the first, second, and third editions with the purchase of the Encyclopedia of Information Science and Technology, Fourth Edition e-book.
  Purchase
- Create a Free IGI Global Library Account to Receive an Additional 5% Discount on All Purchases
  Exclusive benefits include one-click shopping, flexible payment options, free COUNTER 5 reports and MARC records, and a 5% discount on single all titles, as well as the award-winning InfoSci^®-Databases.
  Sign Up Now!
- Receive a 20% Discount on All Publications Purchased Through
  IGI Global’s Online Bookstore
  This discount cannot be combined with any other offer and is only valid when purchasing directly through IGI Global. (Exclusion of select titles and products may apply).
  Browse Publications
Books
Journals
InfoSci^®-Databases
Articles/Chapters
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - Researchers
  - Browse Books
  - Browse Journals
  - Search Open Access Content
  - Streaming Videos
  - OnDemand Downloads
  - Webinars
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - Fair Use Policy
  - Open Access Publishing
  - Editorial Services
  - FAQ
  - Distributors
  - Distributor Resources
  - Book Distributors
  - Journal Subscription Agencies
  - E-Resource Partners
Catalogs
About Us
Newsroom

Using Executable Slicing to Improve Rogue Software Detection Algorithms

Jan Durand (Louisiana Tech University, USA), Juan Flores (Louisiana Tech University, USA), Travis Atkison (Louisiana Tech University, USA), Nicholas Kraft (University of Alabama, USA) and Randy Smith (University of Alabama, USA)

Source Title: Developing and Evaluating Security-Aware Software Systems

DOI: 10.4018/978-1-4666-2482-5.ch007

OnDemand PDF Download:

$37.50

Abstract

This paper describes a research effort to use executable slicing as a pre-processing aid to improve the prediction performance of rogue software detection. The prediction technique used here is an information retrieval classifier known as cosine similarity that can be used to detect previously unknown, known or variances of known rogue software by applying the feature extraction technique of randomized projection. This paper provides direction in answering the question of is it possible to only use portions or subsets, known as slices, of an application to make a prediction on whether or not the software contents are rogue. This research extracts sections or slices from potentially rogue applications and uses these slices instead of the entire application to make a prediction. Results show promise when applying randomized projections to cosine similarity for the predictions, with as much as a 4% increase in prediction performance and a five-fold decrease in processing time when compared to using the entire application.

Chapter Preview

Top

2. Background

Developing effective potential solutions to the malicious software detection problem is an important direction in host security research. There have been few research papers, (Kang, Poosankam, & Yin, 2007; Perdisci, Lanzi, & Lee, 2008) are good examples, that pose the option of executable slicing while looking at malicious detection. Though their focus is directed toward packed executables, the focus of this paper is to show that statically analyzing sections or slices of an executable will improve prediction rates of non-packed, stand-alone executables. It is important to understand the methods and techniques that are used for these predictions. Since the randomized projection technique in this solution is used in conjunction with an information retrieval prediction algorithm we will include a small background on information retrieval as well as static analysis.

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

Using Executable Slicing to Improve Rogue Software Detection Algorithms

Abstract

2. Background

Complete Chapter List