Solved

lexical analysis and malware

Posted on 2009-03-31
2
498 Views
Last Modified: 2013-11-22
Hello,

How can malware detection techniques can be related to lexical analysis ?

Thanks in advance for any info !
0
Comment
Question by:unknown_
2 Comments
 
LVL 6

Accepted Solution

by:
IKZ earned 500 total points
ID: 24034911
Well just like every lexeme has a token associated with it to characterize it, so does a virus have a signature and it's "token" is a spot in the virus definition dictionary.  Signature based detection is the most common method that antivirus software uses to identify malware. This method is somewhat limited by the fact that it can only identify a limited amount of emerging threats, e.g. generic, or extremely broad, signatures.

For instance:
Lexeme: =    Token:  ASSIGN_OP
Lexeme: 5    Token:  NUMBER

Virus:  8 random character .dll file in system32 folder   Definition:  Vundo or Virtumonde

To the same effect, Tokenization is similar to the detection of viruses.
The first stage of lexical analysis is called the Scanner (just like in virus detection- it scans for certain things, like 8 random character .dll files in system32 folder like we talked about above.  Then the second stage in LA is called the evaluator.  Antivirus scanners do the same thing-- it finds data, usually broad, general or generic things, then evaluates or analyzes them and assigns them a value (virus or not).

Does this help at all?
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question