Detecting self-mutating malware using control-flow graph matching

Authors:
Danilo Bruschi;Lorenzo Martignoni;Mattia Monga
Affiliations:
Dip. Informatica e Comunicazione, Università degli Studi di Milano, Milan, Italy;Dip. Informatica e Comunicazione, Università degli Studi di Milano, Milan, Italy;Dip. Informatica e Comunicazione, Università degli Studi di Milano, Milan, Italy
Venue:
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Year:
2006

Citing 12
Cited 22

Compilers: principles, techniques, and tools

Compilers: principles, techniques, and tools
A short course on computer viruses (2nd ed.)

A short course on computer viruses (2nd ed.)
Advanced compiler design and implementation

Advanced compiler design and implementation
Compiler techniques for code compaction

ACM Transactions on Programming Languages and Systems (TOPLAS)
Obfuscation of executable code to improve resistance to static disassembly

Proceedings of the 10th ACM conference on Computer and communications security
Testing malware detectors

ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Semantics-Aware Malware Detection

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Polygraph: Automatically Generating Signatures for Polymorphic Worms

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
A Method for Detecting Obfuscated Calls in Malicious Binaries

IEEE Transactions on Software Engineering
Static analysis of executables to detect malicious patterns

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Static disassembly of obfuscated binaries

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Polymorphic worm detection using structural information of executables

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection

Code Normalization for Self-Mutating Malware

IEEE Security and Privacy
Detecting code clones in binary executables

Proceedings of the eighteenth international symposium on Software testing and analysis
A New Approach to Malware Detection

ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Malware detection based on dependency graph using hybrid genetic algorithm

Proceedings of the 12th annual conference on Genetic and evolutionary computation
Effective and efficient malware detection at the end host

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
AccessMiner: using system-centric models for malware protection

Proceedings of the 17th ACM conference on Computer and communications security
Behavior abstraction in malware analysis

RV'10 Proceedings of the First international conference on Runtime verification
On detecting active worms with varying scan rate

Computer Communications
Recovering the toolchain provenance of binary code

Proceedings of the 2011 International Symposium on Software Testing and Analysis
Graph-based malware detection using dynamic analysis

Journal in Computer Virology
Fast malware family detection method using control flow graphs

Proceedings of the 2011 ACM Symposium on Research in Applied Computation
A graph mining approach for detecting unknown malwares

Journal of Visual Languages and Computing
Quantitative analysis for privacy leak software with privacy Petri net

Proceedings of the ACM SIGKDD Workshop on Intelligence and Security Informatics
A quantitative study of accuracy in system call-based malware detection

Proceedings of the 2012 International Symposium on Software Testing and Analysis
In-execution dynamic malware analysis and detection by mining information in process control blocks of Linux OS

Information Sciences: an International Journal
Opcode sequences as representation of executables for data-mining-based unknown malware detection

Information Sciences: an International Journal
Compiler help for binary manipulation tools

Euro-Par'12 Proceedings of the 18th international conference on Parallel processing workshops
Zero-day malware detection based on supervised learning algorithms of API call signatures

AusDM '11 Proceedings of the Ninth Australasian Data Mining Conference - Volume 121
Obfuscated malware detection using API call dependency

Proceedings of the First International Conference on Security of Internet of Things
PoMMaDe: pushdown model-checking for malware detection

Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Detecting malicious behaviour using supervised learning algorithms of the function calls

International Journal of Electronic Security and Digital Forensics
MAIL: Malware Analysis Intermediate Language: a step towards automating and optimizing malware detection

Proceedings of the 6th International Conference on Security of Information and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Next generation malware will by be characterized by the intense use of polymorphic and metamorphic techniques aimed at circumventing the current malware detectors, based on pattern matching. In order to deal with this new kind of threat, novel techniques have to be devised for the realization of malware detectors. Recent papers started to address such an issue and this paper represents a further contribution in such a field. More precisely in this paper we propose a strategy for the detection of metamorphic malicious code inside a program P based on the comparison of the control flow graphs of P against the set of control flow graphs of known malware. We also provide experimental data supporting the validity of our strategy