Recent Trends in Computer Applications by Jihad Mohamad Alja’am & Abdulmotaleb El Saddik & Abdul Hamid Sadka
Author:Jihad Mohamad Alja’am & Abdulmotaleb El Saddik & Abdul Hamid Sadka
Language: eng
Format: epub
ISBN: 9783319899145
Publisher: Springer International Publishing
3.2 Approximate Pattern Matching
The method described above has some limitations: it requires the scan engine to load the signatures in their fullest form in order to perform an exact match. For simple, 32-bit hashes used for malware signature lookup we can expect to have regular collisions that have to be solved down the line by performing byte-to-byte comparisons. Given the nature of the algorithm we can expect to have a match for one out of one million bytes, regardless of the nature of the input. This means that we will have to perform an extra check for roughly 1 MB of scanned content. While this does not influence the scan speed significantly, it does impact memory consumption, as the large signature database has to be carried around for these extra checks. This makes deployment problematic for low-end devices because it ties down an amount of memory proportional to the size of the signature database.
To solve this problem, the scan engine would have to fully rely on hashes for matching incoming traffic against the malware database. This procedure is not 100% accurate, but can provide a solution that can satisfy the current needs within a reasonable degree of certainty. In this case, the scan engine would no longer perform byte-level comparisons to determine if a match is a false positive or not, instead relying on a combination of hashes and to determine the final result. Given the a token size of 256 bytes for a malware signature, we can look for hash functions that have a good spread and are easy to compute.
A solution would be to use the same hash function at different offsets. The malware signature would be preprocessed and the hash values would be stored in the process’s memory instead of the actual contents. This method would allow our algorithm to reuse the latter computation at different stages of the detection process and would significantly reduce the memory footprint.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Algorithms of the Intelligent Web by Haralambos Marmanis;Dmitry Babenko(8332)
Test-Driven Development with Java by Alan Mellor(7022)
Data Augmentation with Python by Duc Haba(6944)
Principles of Data Fabric by Sonia Mezzetta(6677)
Learn Blender Simulations the Right Way by Stephen Pearson(6587)
Microservices with Spring Boot 3 and Spring Cloud by Magnus Larsson(6446)
Hadoop in Practice by Alex Holmes(5977)
RPA Solution Architect's Handbook by Sachin Sahgal(5838)
Jquery UI in Action : Master the concepts Of Jquery UI: A Step By Step Approach by ANMOL GOYAL(5831)
The Infinite Retina by Robert Scoble Irena Cronin(5540)
Big Data Analysis with Python by Ivan Marin(5507)
Life 3.0: Being Human in the Age of Artificial Intelligence by Tegmark Max(5182)
Pretrain Vision and Large Language Models in Python by Emily Webber(4470)
Infrastructure as Code for Beginners by Russ McKendrick(4258)
Functional Programming in JavaScript by Mantyla Dan(4059)
The Age of Surveillance Capitalism by Shoshana Zuboff(3981)
WordPress Plugin Development Cookbook by Yannick Lefebvre(3963)
Embracing Microservices Design by Ovais Mehboob Ahmed Khan Nabil Siddiqui and Timothy Oleson(3766)
Applied Machine Learning for Healthcare and Life Sciences Using AWS by Ujjwal Ratan(3741)
