Conference: International Conference on Convergence Information Technology

Network-based Executable File Detection Reconstruction System for Malware Detection


Abstract

As hackers' intentions have changed from fast and widespread malware propagation to more sophisticated "targeted" attacks such as spy/adware, password stealers, ransomware, botnets, etc., malware detection has become one of the most important security issues. Malware analysis has to precede malware detection, and before a suspicious executable file can be analyzed, it has to be collected. Malware could be gathered from attacked systems, but that means an attack has already succeeded. To overcome this situation, suspicious file collection has to be possible before an attack succeeds. For that, in this paper we propose the network-based executable file (Windows PE file) detection and reconstruction system (NEFDRS). The NEFDRS proposed in this paper can collect executable files from network packets; since all malware is bound to be executable, suspicious executable files can be collected earlier than is currently possible. Therefore the executable file can be quickly provided to the existing malware detection system. The NEFDRS can help the malware detection system detect and protect against malware before the attack succeeds.
