Dynamic binary obfuscation, or metamorphism, is a technique in which malware never keeps the same sequence of opcodes in memory. Such malware is very difficult to analyse and detect manually, even with the help of tools, so the analysis and detection process needs to be automated. This paper introduces a new language named MAIL (Malware Analysis Intermediate Language) to automate and optimize this process. MAIL also provides portability for building malware analysis and detection tools. Each MAIL statement is assigned a pattern that can be used to annotate a control flow graph for pattern matching to analyse and detect metamorphic malware. Experimental evaluation of the proposed approach using an existing dataset yields a malware detection rate of 93.92% and a false positive rate of 3.02%.