Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Polygraph: Automatically Generating Signatures for Polymorphic Worms
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Back to the Future: A Framework for Automatic Malware Removal and System Repair
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
An architecture for generating semantics-aware signatures
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Exploring Multiple Execution Paths for Malware Analysis
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Mining specifications of malicious behavior
Proceedings of the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Bouncer: securing software by blocking bad input
Proceedings of the twenty-first ACM SIGOPS symposium on Operating systems principles
Panorama: capturing system-wide information flow for malware detection and analysis
Proceedings of the 14th ACM conference on Computer and communications security
A semantics-based approach to malware detection
ACM Transactions on Programming Languages and Systems (TOPLAS)
Learning and Classification of Malware Behavior
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A Layered Architecture for Detecting Malicious Behaviors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
How Good Are Malware Detectors at Remediating Infected Systems?
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Intrusion recovery using selective re-execution
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Safe side effects commitment for OS-level virtualization
Proceedings of the 8th ACM international conference on Autonomic computing
FORECAST: skimming off the malware cream
Proceedings of the 27th Annual Computer Security Applications Conference
Detecting environment-sensitive malware
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
System-Level support for intrusion recovery
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Despite the widespread deployment of malware-detection software, in many situations it is difficult to preemptively block a malicious program from infecting a system. Rather, signatures for detection are usually available only after the malware has started to infect a large group of systems. Ideally, infected systems should be reinstalled from scratch. However, due to the high cost of reinstallation, users may prefer to rely on the remediation capabilities of malware detectors to revert the effects of an infection. Unfortunately, current malware detectors perform this task poorly, leaving users' systems in an unsafe or unstable state. This paper presents an architecture to automatically generate remediation procedures from malicious programs: procedures that can be used to remediate all and only the effects of the malware's execution in any infected system. We have implemented a prototype of this architecture and used it to generate remediation procedures for a corpus of more than 200 malware binaries. Our evaluation demonstrates that the algorithm outperforms the remediation capabilities of top-rated commercial malware detectors.