Question

I haven't found information about this anywhere. Is there a minimal required length for virus signatures? I've read in the book by Peter Szor that for 16-bit applications 16 bytes is enough even to avoid false positives. Is there an equivalent minimum for 32 and 64-bit applications too?

Thanks.


Solution

Maybe my experience will be useful to you:

I generated hex-code signatures using n-grams, opcodes and mnemonics. I used more than 2000 viruses to mine signatures. The minimum length was 16 bytes and the maximum size was 68 bytes. Also, signatures were created for both malware and benign files. The approach was heuristic and data mining.
The benign signatures were shorter than the malware ones. I thought it was because benign programs are written in high-level languages, so compiler-generated code and more similarity reduce the length of benign signatures, whereas malware is written in comparatively low-level language (assembly) or in inline assembly (assembly embedded within a high-level language), and so produces comparatively lengthy signatures.

Also, long signatures are useful for detailed analysis in offline scanning.
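An added example, not code from the answer or from Szor's book: a minimal n-gram miner in the spirit of the approach the answer describes, returning the shortest byte sequence that occurs in every malware sample and in no benign file. The function names, the sample bytes and the length bounds are constructed for illustration.

```python
from __future__ import annotations


def ngrams(data: bytes, n: int) -> set[bytes]:
    """All distinct n-byte substrings of data (empty if data is shorter than n)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def shortest_signature(malware: list[bytes], benign: list[bytes],
                       min_len: int = 1, max_len: int = 68) -> bytes | None:
    """Shortest n-gram found in every malware sample and in no benign file."""
    if not malware:
        return None
    for n in range(min_len, max_len + 1):
        # Candidate signatures must be shared by the whole family...
        common = set.intersection(*(ngrams(m, n) for m in malware))
        # ...and must not collide with anything in the benign corpus.
        seen_benign = set().union(*(ngrams(b, n) for b in benign))
        candidates = common - seen_benign
        if candidates:
            return min(candidates)  # deterministic pick among equal lengths
    return None


# Constructed sample data (not real malware): two variants sharing a 7-byte core.
CORE = bytes.fromhex("558bec6a00e8c3")
MALWARE = [CORE + b"\x90\x90", b"\xcc" + CORE + b"\x11"]
# Constructed benign files that reuse pieces of the same byte sequence.
BENIGN = [bytes.fromhex("558bec6a0090"), bytes.fromhex("ec6a00e8c3")]

if __name__ == "__main__":
    sig = shortest_signature(MALWARE, BENIGN)
    print(len(sig), sig.hex())
    # One more benign file containing that signature forces a longer one.
    sig2 = shortest_signature(MALWARE, BENIGN + [sig])
    print(len(sig2), sig2.hex())
```

On this toy corpus every sequence of up to 4 bytes from the shared core also appears in a benign file, so the shortest usable signature is 5 bytes, and it grows to 6 once a benign file containing those 5 bytes is added.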

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow