Malware detectors require a specification of malicious behavior. Typically, these specifications are manually constructed by investigating known malware. We present an automatic technique to overcome this laborious manual process. Our technique derives such a specification by comparing the execution behavior of a known malware against the execution behaviors of a set of benign programs. In other words, we mine the malicious behavior present in a known malware that is not present in a set of benign programs. The output of our algorithm can be used by malware detectors to detect malware variants. Since our algorithm provides a succinct description of malicious behavior present in a malware, it can also be used by security analysts for understanding the malware. We have implemented a prototype based on our algorithm and tested it on several malware programs. Experimental results obtained from our prototype indicate that our algorithm is effective in extracting malicious behaviors that can be used to detect malware variants.