About some possibilities of detecting hidden maltic code
Автор: S. Nesterovich, Y. Kuptsova
Рубрика: Информатика и вычислительная техника
Статья в выпуске: 3, 2021 года.
Бесплатный доступ
The article discusses how to detect hidden malicious code using entropy analysis. If a person who commits evil, intent, introduces malicious code into the original file, encodes, compresses it, etc., then this action will increase entropy. The compiled file of any program contains some sections of code, which are mostly evenly distributed. When code entanglement or coding is used, this uniformity has the property of being broken. Entropy analysis is a basic assessment of a test object, which allows you to conclude which section or part of a file you need to analyze to understand whether the object as a whole is a threat.
Analysis, entropy, malicious software, obfuscation, modified file.
Короткий адрес: https://sciup.org/148322470
IDR: 148322470 | DOI: 10.25586/RNU.V9187.21.03.P.156