FPGA-based static analysis tool for detecting malicious binaries

Authors

Nitesh B. Guinde, Newark College of Engineering
Xin Tang, Newark College of Engineering
Ronak Sutaria, Newark College of Engineering
Sotirios G. Ziavras, Newark College of Engineering
Constantine N. Manikopoulos, Newark College of Engineering

Document Type

Conference Proceeding

Publication Date

5-28-2010

Abstract

The detection of malicious files is an important component of any intrusion detection system. Due to increases in network speeds and new worms being discovered frequently, there arises a need to detect worms on the fly without totally relying on signatures. There are methods available for detecting malicious files by looking into the dynamic behavior of the files. However, in most of these cases the file has to be either run in a dynamic environment or has to be disassembled to look at its content. We present here a novel method to look at the files without the need of executing or disassembling them. We also provide a framework that implements our method on Field Programmable Gate Arrays (FPGAs). We use a novel approach to identify byte-patterns that can be used to do static analysis of binaries. Our FPGA implementation can detect worms at multi-gigabit rates and also provides us with a tool that can help us carry out systematic, real time analysis and detection of malicious binaries. ©2010 IEEE.

Identifier

77952637840 (Scopus)

ISBN

[9781424455850]

Publication Title

2010 the 2nd International Conference on Computer and Automation Engineering Iccae 2010

External Full Text Location

https://doi.org/10.1109/ICCAE.2010.5451703

First Page

639

Last Page

643

Volume

2

Recommended Citation

Guinde, Nitesh B.; Tang, Xin; Sutaria, Ronak; Ziavras, Sotirios G.; and Manikopoulos, Constantine N., "FPGA-based static analysis tool for detecting malicious binaries" (2010). Faculty Publications. 6306.
https://digitalcommons.njit.edu/fac_pubs/6306