论文信息 - Morphological detection of malware

Morphological detection of malware

In the field of malware detection, method based on syntactical consideration are usually efficient. However, they are strongly vulnerable to obfuscation techniques. This study proposes an efficient construction of a morphological malware detector based on a syntactic and a semantic analysis, technically on control flow graphs of programs (CFG). Our construction employs tree automata techniques to provide an efficient representation of the CFG database. Next, we deal with classic obfuscation of programs by mutation using a generic graph rewriting engine. Finally, we carry out experiments to evaluate the false-positive ratio of the proposed methods.

[1] Somesh Jha,et al. Testing malware detectors , 2004, ISSTA '04.

[2] Somesh Jha,et al. Semantics-aware malware detection , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[3] Somesh Jha,et al. A semantics-based approach to malware detection , 2007, POPL '07.

[4] Andrew Walenstein,et al. Normalizing Metamorphic Malware Using Term Rewriting , 2006, 2006 Sixth IEEE International Workshop on Source Code Analysis and Manipulation.

[5] Eric Filiol,et al. Behavioral detection of malware: from a survey towards an established taxonomy , 2008, Journal in Computer Virology.

[6] Stefan Katzenbeisser,et al. Software transformations to improve malware detection , 2007, Journal in Computer Virology.

[7] Hubert Comon,et al. Tree automata techniques and applications , 1997 .

[8] Peter Szor,et al. The Art of Computer Virus Research and Defense , 2005 .

[9] Guillaume Bonfante,et al. Control Flow Graphs as Malware Signatures , 2007 .

[10] Éric Filiol. Computer Viruses: from Theory to Applications , 2005 .

[11] Eric Filiol,et al. Malware Pattern Scanning Schemes Secure Against Black-box Analysis , 2006, Journal in Computer Virology.

[12] Mattia Monga,et al. Detecting Self-mutating Malware Using Control-Flow Graph Matching , 2006, DIMVA.

[13] Eric Filiol,et al. On the possibility of practically obfuscating programs towards a unified perspective of code protection , 2007, Journal in Computer Virology.