Identification of executable files on the basis of statistical criteria

Irina E. Krivtsova; Ilya S. Lebedev; Kseniya I. Salakhutdinova

doi:10.23919/FRUCT.2017.8071312

Proceedings of the XXth Conference of Open Innovations Association FRUCT (Apr 2017)

Identification of executable files on the basis of statistical criteria

Irina E. Krivtsova,
Ilya S. Lebedev,
Kseniya I. Salakhutdinova

Affiliations

Irina E. Krivtsova: Saint Petersburg National Research University of Information Technologies, Mechanics and Optics (ITMO University), Saint-Petersburg, Russia
Ilya S. Lebedev: Saint Petersburg National Research University of Information Technologies, Mechanics and Optics (ITMO University), Saint-Petersburg, Russia
Kseniya I. Salakhutdinova: Saint Petersburg National Research University of Information Technologies, Mechanics and Optics (ITMO University), Saint-Petersburg, Russia

DOI: https://doi.org/10.23919/FRUCT.2017.8071312
Journal volume & issue: Vol. 776, no. 20
pp. 202 – 208

Abstract

Read online

The paper considers methods of identification of executable signatures using statistical criteria. Identification here should be understood as a process of file recognition by establishing its coincidence with a particular program. New ways to creation of executable file signatures are considered. A new approach to identification of elf-files based on the Chi-square and Kolmogorov-Smirnov criteria is offered. Restrictions and conditions of using these criteria are considered. The proposed method can be used to audit data-storage medium.

Published in Proceedings of the XXth Conference of Open Innovations Association FRUCT

ISSN: 2305-7254 (Print); 2343-0737 (Online)
Publisher: FRUCT
Country of publisher: Finland
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://fruct.org/publication

About the journal

Abstract

Keywords