TY - GEN
T1 - FPGA-based static analysis tool for detecting malicious binaries
AU - Guinde, Nitesh B.
AU - Tang, Xin
AU - Sutaria, Ronak
AU - Ziavras, Sotirios G.
AU - Manikopoulos, Constantine N.
PY - 2010
Y1 - 2010
N2 - The detection of malicious files is an important component of any intrusion detection system. Due to increases in network speeds and the frequent discovery of new worms, there is a need to detect worms on the fly without relying entirely on signatures. Methods exist for detecting malicious files by examining their dynamic behavior; however, in most of these cases the file has to be either run in a dynamic environment or disassembled to inspect its content. We present here a novel method for examining files without executing or disassembling them. We also provide a framework that implements our method on Field Programmable Gate Arrays (FPGAs). We use a novel approach to identify byte patterns that can be used for static analysis of binaries. Our FPGA implementation can detect worms at multi-gigabit rates and also provides a tool for systematic, real-time analysis and detection of malicious binaries.
AB - The detection of malicious files is an important component of any intrusion detection system. Due to increases in network speeds and the frequent discovery of new worms, there is a need to detect worms on the fly without relying entirely on signatures. Methods exist for detecting malicious files by examining their dynamic behavior; however, in most of these cases the file has to be either run in a dynamic environment or disassembled to inspect its content. We present here a novel method for examining files without executing or disassembling them. We also provide a framework that implements our method on Field Programmable Gate Arrays (FPGAs). We use a novel approach to identify byte patterns that can be used for static analysis of binaries. Our FPGA implementation can detect worms at multi-gigabit rates and also provides a tool for systematic, real-time analysis and detection of malicious binaries.
KW - Field Programmable Gate Array (FPGA)
KW - Malicious worms
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=77952637840&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77952637840&partnerID=8YFLogxK
U2 - 10.1109/ICCAE.2010.5451703
DO - 10.1109/ICCAE.2010.5451703
M3 - Conference contribution
AN - SCOPUS:77952637840
SN - 9781424455850
T3 - 2010 The 2nd International Conference on Computer and Automation Engineering, ICCAE 2010
SP - 639
EP - 643
BT - 2010 The 2nd International Conference on Computer and Automation Engineering, ICCAE 2010
T2 - 2nd International Conference on Computer and Automation Engineering, ICCAE 2010
Y2 - 26 February 2010 through 28 February 2010
ER -