抄録
This paper proposes a new malware detection method for a LZ compressed packet in NIDS. In this method, NIDS first inspects a compressed packet roughly, and selects a packet that is possibility of malware, that is like screening test. Subsequently, NIDS decompresses only the selected packet and inspects it exactly. Evaluation results show that this method is not practical for original LZ compression. Hence, this paper also denotes LZ based compression method which is suitable the proposed method. Re-evaluation results show that the proposed method archives 240% speed up proportion to the existing method by sacrificing compression size. It is expected that the proposed method contributes to compression as a new option.
