Computer viruses: theory and experiments
Computers and Security
Undecidability of static analysis
ACM Letters on Programming Languages and Systems (LOPLAS)
A precise inter-procedural data flow algorithm
POPL '81 Proceedings of the 8th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static Analysis of Binary Code to Isolate Malicious Behaviors
WETICE '99 Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Detection of injected, dynamically generated, and obfuscated malicious code
Proceedings of the 2003 ACM workshop on Rapid malcode
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Analysis of Computer Intrusions Using Sequences of Function Calls
IEEE Transactions on Dependable and Secure Computing
Mining specifications of malicious behavior
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Using fuzzy pattern recognition to detect unknown malicious executables code
FSKD'05 Proceedings of the Second international conference on Fuzzy Systems and Knowledge Discovery - Volume Part I
API monitoring system for defeating worms and exploits in MS-Windows system
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
Extending applications using an advanced approach to DLL injection and API hooking
Software—Practice & Experience
MEDUSA: MEtamorphic malware dynamic analysis usingsignature from API
Proceedings of the 3rd international conference on Security of information and networks
deRop: removing return-oriented programming from malware
Proceedings of the 27th Annual Computer Security Applications Conference
Fast malware family detection method using control flow graphs
Proceedings of the 2011 ACM Symposium on Research in Applied Computation
Malware classification using instruction frequencies
Proceedings of the 2011 ACM Symposium on Research in Applied Computation
A graph mining approach for detecting unknown malwares
Journal of Visual Languages and Computing
Classification of polymorphic and metamorphic malware samples based on their behavior
Proceedings of the Fifth International Conference on Security of Information and Networks
Mining control flow graph as API call-grams to detect portable executable malware
Proceedings of the Fifth International Conference on Security of Information and Networks
Proceedings of the First International Conference on Security of Internet of Things
| Hi-index | 0.00 |
Malware detection and prevention is critical for the protection of computing systems across the Internet. The problem in detecting malware is that they evolveover a period of time and hence, traditional signature-based malware detectors fail to detect obfuscated and previously unseen malware executables. However, as malware evolves, some semantics of the original malware are preserved as these semantics are necessary for the effectiveness of the malware. Using this observation, we present a novel method for detection of malware using the correlation between the semantics of the malware and its API calls. We construct a base signature for an entire malware class rather than for a single specimen of malware. Such a signature is capable of detecting even unknown and advanced variants that belong to that class. We demonstrate our approach on some well known malware classes and show that any advanced variant of the malware class is detected from the base signature.