Abstract

Paper Title: Use of Statistic Methods for Fighting Malware
Author(s): Zdenek Breitenbacher (Czech Republic), Malware Researcher, AVG Technologies.
Time: 12 December, Friday, 11:35 - 12:15.

Let's see how to define process algorithms for an expert analyzing a suspect file. Based on these algorithms, we shall then see how to automatically create reliable search definitions without any need for manual assistance. We will demonstrate statistical methods that automated software can use to predict those parts of the program code where the information density is highest and the code itself is quite unique.

The same principle will help us avoid spots where the information is least interesting and can be replaced without any effect on the program's functionality.

On a model sample, we will examine how to use the same statistical methods to detect polymorphic viruses. We will compare clean program code with the same program code after it has been attacked by a polymorphic virus. In well-arranged graphs we will show how a virus attack typically changes some statistical quantities describing the program code.

Finally, we will suggest some further areas of the anti-malware fight where these statistical methods can be used effectively.