Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Compiler techniques for code compaction
ACM Transactions on Programming Languages and Systems (TOPLAS)
Specifying the Semantics of Machine Instructions
IWPC '98 Proceedings of the 6th International Workshop on Program Comprehension
Recovery of Jump Table Case Statements from Binary Code
IWPC '99 Proceedings of the 7th International Workshop on Program Comprehension
Static Analyzer of Vicious Executables (SAVE)
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Normalizing Metamorphic Malware Using Term Rewriting
SCAM '06 Proceedings of the Sixth IEEE International Workshop on Source Code Analysis and Manipulation
A semantics-based approach to malware detection
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Automated classification and analysis of internet malware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Proceedings of the 6th International Conference on Security of Information and Networks
Hi-index | 0.00 |
Malware detection is a crucial aspect of software security. A malware detector is a system that attempts to determine whether a program has malicious intent. Current malware detectors work by checking for signatures, which attempt to capture the syntactic characteristics of the machine level byte sequence of the malware. This syntactic approach makes current detectors vulnerable to code obfuscations, increasingly used by malware writers that alter the syntactic properties of the malware byte sequence without significantly affecting their execution behavior. This paper derives from the idea that the key to malware identification lies in their syntactic as well as semantic features. It explains an approach using control flow graphs (CFG) for malware detectors. We present an architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations.