Identifying Malicious Source Code Using LZJD
Date
2021-01-01
Department
Computer Science and Electrical Engineering
Program
Computer Science
Rights
This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.
Access limited to the UMBC community. Item may possibly be obtained via Interlibrary Loan through a local library, pending author/copyright holder's permission.
Abstract
This work presents a proof-of-concept of the use of Lempel-Ziv Jaccard Distance, or LZJD, as a means of detecting malicious source code by comparing the suspect source code to a library of known malicious source code. In this paper we detail our method of making these comparisons, evaluate how well it works, and suggest some potential methods of improvement for future work. We conclude that LZJD does appear to be effective at identifying similar files, but that it appears to struggle when attempting to aggregate the scores to compare entire source code projects.