• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 544
  • Last Modified:

lexical analysis and malware

Hello,

How can malware detection techniques can be related to lexical analysis ?

Thanks in advance for any info !
0
unknown_
Asked:
unknown_
1 Solution
 
IKZCommented:
Well just like every lexeme has a token associated with it to characterize it, so does a virus have a signature and it's "token" is a spot in the virus definition dictionary.  Signature based detection is the most common method that antivirus software uses to identify malware. This method is somewhat limited by the fact that it can only identify a limited amount of emerging threats, e.g. generic, or extremely broad, signatures.

For instance:
Lexeme: =    Token:  ASSIGN_OP
Lexeme: 5    Token:  NUMBER

Virus:  8 random character .dll file in system32 folder   Definition:  Vundo or Virtumonde

To the same effect, Tokenization is similar to the detection of viruses.
The first stage of lexical analysis is called the Scanner (just like in virus detection- it scans for certain things, like 8 random character .dll files in system32 folder like we talked about above.  Then the second stage in LA is called the evaluator.  Antivirus scanners do the same thing-- it finds data, usually broad, general or generic things, then evaluates or analyzes them and assigns them a value (virus or not).

Does this help at all?
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now