• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 549
  • Last Modified:

lexical analysis and malware


How can malware detection techniques can be related to lexical analysis ?

Thanks in advance for any info !
1 Solution
Well just like every lexeme has a token associated with it to characterize it, so does a virus have a signature and it's "token" is a spot in the virus definition dictionary.  Signature based detection is the most common method that antivirus software uses to identify malware. This method is somewhat limited by the fact that it can only identify a limited amount of emerging threats, e.g. generic, or extremely broad, signatures.

For instance:
Lexeme: =    Token:  ASSIGN_OP
Lexeme: 5    Token:  NUMBER

Virus:  8 random character .dll file in system32 folder   Definition:  Vundo or Virtumonde

To the same effect, Tokenization is similar to the detection of viruses.
The first stage of lexical analysis is called the Scanner (just like in virus detection- it scans for certain things, like 8 random character .dll files in system32 folder like we talked about above.  Then the second stage in LA is called the evaluator.  Antivirus scanners do the same thing-- it finds data, usually broad, general or generic things, then evaluates or analyzes them and assigns them a value (virus or not).

Does this help at all?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Managed Security Services Webinar - March 15

Selecting the right managed security services platform to grow your business can be a huge undertaking. Join WatchGuard and Frost & Sullivan in an upcoming webinar as we dive into the key elements of selecting a vendor platform and partnership to fuel a successful MSSP business.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now