Visualizing windows executable viruses using self-organizing maps
Source: Conference on Computer and Communications Security
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Washington DC, USA
SESSION: VizSEC innovative visualizations session
Pages: 82 - 89
Year of Publication: 2004
ISBN: 1-58113-974-8
Author
InSeon Yoo  University of Fribourg
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 19,   Downloads (12 Months): 95,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1029208.1029222

ABSTRACT

This paper concentrates on visualizing computer viruses without using virus-specific signature information, as a prior stage of the very important problem of detecting computer viruses. In this paper, we address the fact that each virus has its own character by which it can be distinguished, even though it is inserted in the executable file. Viruses cannot hide their own features from the SOM visualization; this feature is like DNA, which determines an individual's unique genetic code. We present how virus code affects the whole program projection. Without each virus signature, we present how the virus pattern in Windows executable files tells us their family. We show that the variants of each virus can also be covered by each virus mask, which is produced by the SOM. We also present the file-structure-based SOMs of Windows executable files.

