Detecting equality of variables in programs
POPL '88 Proceedings of the 15th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Global value numbers and redundant computations
POPL '88 Proceedings of the 15th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Efficiently computing static single assignment form and the control dependence graph
ACM Transactions on Programming Languages and Systems (TOPLAS)
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
A generic binary analysis method for malware
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
| Hi-index | 0.00 |
We present a tool for analysis and detection of malicious mobile code such as computer viruses and internet worms based on the combined use of code simulation, static code analysis, and OS execution emulation. Unlike traditional anti-virus methods, the tool directly inspects the code and identifies commonly found malicious behaviors such as mass mailing, self duplication, and registry overwrite without relying on ``pattern files'' that contain ``signatures'' of previously captured samples. The prohibited behaviors are defined separately as security policies at the level of API library function calls in a state-transition like language. The tool also features data flow analysis based on static single assignment forms, which are useful in tracing various values stored in registers and memory locations. The current tool targets at Win32 binary programs on Intel IA32 architectures and can detect most email virusesslash worms that had spread in the wild in recent years.