Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
IEEE Transactions on Pattern Analysis and Machine Intelligence
Symbolic execution and program testing
Communications of the ACM
Automata Theory and Its Applications
Automata Theory and Its Applications
Introduction to Algorithms
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Exploring Multiple Execution Paths for Malware Analysis
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Mining specifications of malicious behavior
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Journal of Computer and System Sciences
Using verification technology to specify and detect malware
EUROCAST'07 Proceedings of the 11th international conference on Computer aided systems theory
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Malware Obfuscation Techniques: A Brief Survey
BWCCA '10 Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications
A sense of self for Unix processes
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Inference of reversible tree languages
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Recognizing malicious software behaviors with tree automata inference
Formal Methods in System Design
LTL model-checking for malware detection
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Detecting machine-morphed malware variants via engine attribution
Journal in Computer Virology
Extraction of statistically significant malware behaviors
Proceedings of the 29th Annual Computer Security Applications Conference
Mining and indexing graphs for supergraph search
Proceedings of the VLDB Endowment
Analyzing program dependencies for malware detection
Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014
Hi-index | 0.00 |
The underground malware-based economy is flourishing and it is evident that the classical ad-hoc signature detection methods are becoming insufficient. Malware authors seem to share some source code and malware samples often feature similar behaviors, but such commonalities are difficult to detect with signature-based methods because of an increasing use of numerous freelyavailable randomized obfuscation tools. To address this problem, the security community is actively researching behavioral detection methods that commonly attempt to understand and differentiate how malware behaves, as opposed to just detecting syntactic patterns. We continue that line of research in this paper and explore how formal methods and tools of the verification trade could be used for malware detection and analysis. We propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. In particular, we develop an algorithm for inferring k-testable tree automata from system call dataflow dependency graphs and discuss the use of inferred automata in malware recognition and classification.