FPGA-based static analysis tool for detecting malicious binaries

Nitesh B. Guinde, Xin Tang, Ronak Sutaria, Sotirios G. Ziavras, Constantine N. Manikopoulos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The detection of malicious files is an important component of any intrusion detection system. Due to increases in network speeds and new worms being discovered frequently, there arises a need to detect worms on the fly without totally relying on signatures. There are methods available for detecting malicious files by looking into the dynamic behavior of the files. However, in most of these cases the file has to be either run in a dynamic environment or has to be disassembled to look at its content. We present here a novel method to look at the files without the need of executing or disassembling them. We also provide a framework that implements our method on Field Programmable Gate Arrays (FPGAs). We use a novel approach to identify byte-patterns that can be used to do static analysis of binaries. Our FPGA implementation can detect worms at multi-gigabit rates and also provides us with a tool that can help us carry out systematic, real time analysis and detection of malicious binaries.

Original languageEnglish (US)
Title of host publication2010 The 2nd International Conference on Computer and Automation Engineering, ICCAE 2010
Pages639-643
Number of pages5
DOIs
StatePublished - 2010
Event2nd International Conference on Computer and Automation Engineering, ICCAE 2010 - Singapore, Singapore
Duration: Feb 26 2010Feb 28 2010

Publication series

Name2010 The 2nd International Conference on Computer and Automation Engineering, ICCAE 2010
Volume2

Other

Other2nd International Conference on Computer and Automation Engineering, ICCAE 2010
CountrySingapore
CitySingapore
Period2/26/102/28/10

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications
  • Control and Systems Engineering

Keywords

  • Field Programmable Gate Array(FPGA)
  • Malicious worms
  • Static analysis

Fingerprint Dive into the research topics of 'FPGA-based static analysis tool for detecting malicious binaries'. Together they form a unique fingerprint.

Cite this