Malware detection using assembly code and control flow graph optimization

Authors:
S. S. Anju;P. Harmya;Noopa Jagadeesh;R. Darsana
Affiliations:
Amrita Vishwa Vidyapeetham, Tamil Nadu, India;Amrita Vishwa Vidyapeetham, Tamil Nadu, India;Amrita Vishwa Vidyapeetham, Tamil Nadu, India;Amrita Vishwa Vidyapeetham, Tamil Nadu, India
Venue:
Proceedings of the 1st Amrita ACM-W Celebration on Women in Computing in India
Year:
2010

Citing 10
Cited 1

Compilers: principles, techniques, and tools

Compilers: principles, techniques, and tools
Compiler techniques for code compaction

ACM Transactions on Programming Languages and Systems (TOPLAS)
Specifying the Semantics of Machine Instructions

IWPC '98 Proceedings of the 6th International Workshop on Program Comprehension
Recovery of Jump Table Case Statements from Binary Code

IWPC '99 Proceedings of the 7th International Workshop on Program Comprehension
Static Analyzer of Vicious Executables (SAVE)

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Semantics-Aware Malware Detection

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Normalizing Metamorphic Malware Using Term Rewriting

SCAM '06 Proceedings of the Sixth IEEE International Workshop on Source Code Analysis and Manipulation
A semantics-based approach to malware detection

Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static analysis of executables to detect malicious patterns

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Automated classification and analysis of internet malware

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection

MAIL: Malware Analysis Intermediate Language: a step towards automating and optimizing malware detection

Proceedings of the 6th International Conference on Security of Information and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Malware detection is a crucial aspect of software security. A malware detector is a system that attempts to determine whether a program has malicious intent. Current malware detectors work by checking for signatures, which attempt to capture the syntactic characteristics of the machine level byte sequence of the malware. This syntactic approach makes current detectors vulnerable to code obfuscations, increasingly used by malware writers that alter the syntactic properties of the malware byte sequence without significantly affecting their execution behavior. This paper derives from the idea that the key to malware identification lies in their syntactic as well as semantic features. It explains an approach using control flow graphs (CFG) for malware detectors. We present an architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations.