Kent E. Griffin
Symantec
Network
Latest external collaboration on country level. Dive into details by clicking on the dots.
Publication
Featured researches published by Kent E. Griffin.
recent advances in intrusion detection | 2009
Kent E. Griffin; Scott Schneider; Xin Hu; Tzi-cker Chiueh
Scanning files for signatures is a proven technology, but exponential growth in unique malware programs has caused an explosion in signature database sizes. One solution to this problem is to use string signatures , each of which is a contiguous byte sequence that potentially can match many variants of a malware family. However, it is not clear how to automatically generate these string signatures with a sufficiently low false positive rate. Hancock is the first string signature generation system that takes on this challenge on a large scale. To minimize the false positive rate, Hancock features a scalable model that estimates the occurrence probability of arbitrary byte sequences in goodware programs, a set of library code identification techniques, and diversity-based heuristics that ensure the contexts in which a signature is embedded in containing malware files are similar to one another. With these techniques combined, Hancock is able to automatically generate string signatures with a false positive rate below 0.1%.
Archive | 2006
Carey Nachenberg; Kent E. Griffin
Archive | 2008
Scott Schneider; Kent E. Griffin
Archive | 2008
Carey Nachenberg; Kent E. Griffin
usenix annual technical conference | 2013
Xin Hu; Sandeep Bhatkar; Kent E. Griffin; Kang G. Shin
Archive | 2008
Carey Nachenberg; Kent E. Griffin
Archive | 2007
Darren M. Sanders; Carey Nachenberg; Kent E. Griffin
Archive | 2008
Kent E. Griffin; Tzi-cker Chiueh; Scott Schneider; Xin Hu
Archive | 2009
Kent E. Griffin; Tzi-cker Chiueh; Scott Schneider
Archive | 2009
Tzi-cker Chiueh; Kent E. Griffin; Scott Schneider; Xin Hu
