An Extension of Data Flow Analysis for Detecting Polymorphic Script Virus


The KIPS Transactions:PartC, Vol. 10, No. 7, pp. 843-850, Dec. 2003
DOI: 10.3745/KIPSTC.2003.10.7.843

Abstract

Script viruses are easy to vary because they are simple to build and spread in text format. Signature-based methods are therefore limited in detecting script viruses. As a consequence, many studies have suggested simple heuristic methods, but a high false-positive error rate has always been an obstacle. To overcome this problem, our previous study concentrated on analyzing the data flow of code and achieved a low false-positive error rate, but it still could not detect polymorphic viruses, because a polymorphic virus loads its own body and changes it before making a descendant. We suggest a heuristic detection method that expands the detection range of the previous method to include polymorphic script viruses. The expanded data flow analysis heuristic has an expanded grammar to detect polymorphic copy propagation. Finally, we show experimental results on the effectiveness of the suggested method.



Cite this article
[IEEE Style]
K. C. Min, L. H. Jun, L. S. Ug, H. M. Pyo, "An Extension of Data Flow Analysis for Detecting Polymorphic Script Virus," The KIPS Transactions:PartC, vol. 10, no. 7, pp. 843-850, 2003. DOI: 10.3745/KIPSTC.2003.10.7.843.

[ACM Style]
Kim Cheol Min, Lee Hyeong Jun, Lee Seong Ug, and Hong Man Pyo. 2003. An Extension of Data Flow Analysis for Detecting Polymorphic Script Virus. The KIPS Transactions:PartC, 10, 7, (2003), 843-850. DOI: 10.3745/KIPSTC.2003.10.7.843.