Using verification technology to specify and detect malware

Authors:
Andreas Holzer;Johannes Kinder;Helmut Veith
Affiliations:
Technische Universität München, Fakultät für Informatik, Garching, Germany;Technische Universität München, Fakultät für Informatik, Garching, Germany;Technische Universität München, Fakultät für Informatik, Garching, Germany
Venue:
EUROCAST'07 Proceedings of the 11th international conference on Computer aided systems theory
Year:
2007

Citing 10
Cited 6

Patterns in property specifications for finite-state verification

Proceedings of the 21st international conference on Software engineering
Mining specifications

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic

Logic of Programs, Workshop
Intrusion Detection via Static Analysis

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Testing malware detectors

ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
The Art of Computer Virus Research and Defense

The Art of Computer Virus Research and Defense
Semantics-Aware Malware Detection

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Software Library Usage Pattern Extraction Using a Software Model Checker

ASE '06 Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering
A semantics-based approach to malware detection

Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Detecting malicious code by model checking

DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment

Modelling metamorphism by abstract interpretation

SAS'10 Proceedings of the 17th international conference on Static analysis
Malware analysis with tree automata inference

CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Pushdown model checking for malware detection

TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Recognizing malicious software behaviors with tree automata inference

Formal Methods in System Design
PoMMaDe: pushdown model-checking for malware detection

Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Detecting machine-morphed malware variants via engine attribution

Journal in Computer Virology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Computer viruses and worms are major threats for our computer infrastructure, and thus, for economy and society at large. Recent work has demonstrated that a model checking based approach to malware detection can capture the semantics of security exploits more accurately than traditional approaches, and consequently achieve higher detection rates. In this approach, malicious behavior is formalized using the expressive specification language CTPL based on classic CTL. This paper gives an overview of our toolchain for malware detection and presents our new system for computer assisted generation of malicious code specifications.