Automatic generation of vaccines for malware immunization

Authors:
Zhaoyan Xu;Jialong Zhang;Guofei Gu;Zhiqiang Lin
Affiliations:
Texas A&M University, College Station, TX, USA;Texas A&M University, College Station, TX, USA;Texas A&M University, College Station, TX, USA;University of Texas, Dallas, TX, USA
Venue:
Proceedings of the 2012 ACM conference on Computer and communications security
Year:
2012

Citing 3
Cited 0

A Pathology of Computer Viruses

A Pathology of Computer Viruses
Isolating cause-effect chains from computer programs

Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering
All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

Inspired by the biological vaccines, we explore the possibility of developing similar vaccines for malware immunization. We provide the first systematic study towards this direction and present a prototype system, AGAMI, for automatic generation of vaccines for malware immunization. With a novel use of several dynamic malware analysis techniques, we show that it is possible to extract a lightweight vaccine from current malware, and after injecting such vaccine on clean machines, they can be immune from future infection from the same malware family. We evaluate AGAMI on a large set of real-world malware samples and successfully extract working vaccines for many families such as Conficker and Zeus. We believe it is an appealing complementary technique to existing malware defense solutions.