Detection of injected, dynamically generated, and obfuscated malicious code
Proceedings of the 2003 ACM workshop on Rapid malcode
Static program analysis of embedded executable assembly code
Proceedings of the 2004 international conference on Compilers, architecture, and synthesis for embedded systems
Using Dynamic Information in the Interprocedural Static Slicing of Binary Executables
Software Quality Control
Intermediate-representation recovery from low-level code
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
AWE: improving software analysis through modular integration of static and dynamic analyses
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Signature Generation and Detection of Malware Families
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Hybrid analysis of executables to detect security vulnerabilities: security vulnerabilities
Proceedings of the 2nd India software engineering conference
A static API birthmark for Windows binary executables
Journal of Systems and Software
Stack bounds analysis for microcontroller assembly code
WESS '09 Proceedings of the 4th Workshop on Embedded Systems Security
WYSINWYX: What you see is not what you eXecute
ACM Transactions on Programming Languages and Systems (TOPLAS)
Improved memory-access analysis for x86 executables
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
MEDUSA: MEtamorphic malware dynamic analysis using signature from API
Proceedings of the 3rd international conference on Security of information and networks
Refactoring ActionScript for improving application execution time
WISS'10 Proceedings of the 2010 international conference on Web information systems engineering
Context-sensitive analysis without calling-context
Higher-Order and Symbolic Computation
Framework for safe reuse of software binaries
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
A graph mining approach for detecting unknown malwares
Journal of Visual Languages and Computing
Opcode sequences as representation of executables for data-mining-based unknown malware detection
Information Sciences: an International Journal
Applying static analysis to high-dimensional malicious application detection
Proceedings of the 51st ACM Southeast Conference
In this paper, we address the problem of static slicing on binary executables for the purpose of malicious code detection in COTS components. By operating directly on binary code without any assumption about the availability of source code, our approach is realistic and appropriate for the analysis of COTS software products. To be able to reason about such low-level code, we need a suite of program transformations that aim to obtain a high-level imperative representation of the code. The intention is to significantly improve analyzability while preserving the original semantics. Next, we apply slicing techniques to extract those code fragments that are critical from the security standpoint. Finally, these fragments are subjected to verification against behavioral specifications to statically decide whether or not they exhibit malicious behaviors.