Computer viruses: theory and experiments. Computers and Security.
Computer virus-antivirus coevolution. Communications of the ACM.
Manufacturing cheap, resilient, and stealthy opaque constructs. POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages.
Systematic design of program transformation frameworks by abstract interpretation. POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages.
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages.
Systematic design of program analysis frameworks. POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages.
An Approach to the Obfuscation of Control-Flow of Sequential Computer Programs. ISC '01 Proceedings of the 4th International Conference on Information Security.
Obfuscation of executable code to improve resistance to static disassembly. Proceedings of the 10th ACM conference on Computer and communications security.
Learning to detect malicious executables in the wild. Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining.
The Art of Computer Virus Research and Defense.
Semantics-Aware Malware Detection. SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy.
On obfuscating point functions. Proceedings of the thirty-seventh annual ACM symposium on Theory of computing.
On the Impossibility of Obfuscation with Auxiliary Input. FOCS '05 Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science.
Control Code Obfuscation by Abstract Interpretation. SEFM '05 Proceedings of the Third IEEE International Conference on Software Engineering and Formal Methods.
Semantic-based code obfuscation by abstract interpretation. ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming.
Detecting malicious code by model checking. DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment.
A semantics-based approach to malware detection. ACM Transactions on Programming Languages and Systems (TOPLAS).
Dynamic Binary Instrumentation-Based Framework for Malware Defense. DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment.
A static API birthmark for Windows binary executables. Journal of Systems and Software.
Battle of Botcraft: fighting bots in online games with human observational proofs. Proceedings of the 16th ACM conference on Computer and communications security.
Context-sensitive analysis of obfuscated x86 executables. Proceedings of the 2010 ACM SIGPLAN workshop on Partial evaluation and program manipulation.
A heuristic approach for detection of obfuscated malware. ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics.
Using verification technology to specify and detect malware. EUROCAST'07 Proceedings of the 11th international conference on Computer aided systems theory.
Malware detection using assembly code and control flow graph optimization. Proceedings of the 1st Amrita ACM-W Celebration on Women in Computing in India.
Towards revealing JavaScript program intents using abstract interpretation. Proceedings of the Sixth Asian Internet Engineering Conference.
Metamorphic virus variants classification using opcode frequency histogram. ICCOMP'10 Proceedings of the 14th WSEAS international conference on Computers: part of the 14th WSEAS CSCC multiconference - Volume I.
Cloaking malware with the trusted platform module. SEC'11 Proceedings of the 20th USENIX conference on Security.
Context-sensitive analysis without calling-context. Higher-Order and Symbolic Computation.
An immune concentration based virus detection approach using particle swarm optimization. ICSI'10 Proceedings of the First international conference on Advances in Swarm Intelligence - Volume Part I.
Covert computation: hiding code in code for obfuscation purposes. Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security.
Applying static analysis to high-dimensional malicious application detection. Proceedings of the 51st ACM Southeast Conference.
Analyzing program dependencies for malware detection. Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014.
Malware detection is a crucial aspect of software security. Current malware detectors work by checking for "signatures," which attempt to capture (syntactic) characteristics of the machine-level byte sequence of the malware. This reliance on a syntactic approach makes such detectors vulnerable to code obfuscations, increasingly used by malware writers, that alter syntactic properties of the malware byte sequence without significantly affecting its execution behavior. This paper takes the position that the key to malware identification lies in its semantics. It proposes a semantics-based framework for reasoning about malware detectors and proving properties such as soundness and completeness of these detectors. Our approach uses a trace semantics to characterize the behaviors of the malware as well as of the program being checked for infection, and uses abstract interpretation to "hide" irrelevant aspects of these behaviors. As a concrete application of our approach, we show that the semantics-aware malware detector proposed by Christodorescu et al. is complete with respect to a number of common obfuscations used by malware writers.
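The abstract describes the detector only at the level of a trace semantics plus an abstraction. The Python sketch below, added here as an illustration and not taken from the paper or from Christodorescu et al.'s detector, makes the shape of that idea concrete. Everything in it is an assumption: a four-opcode straight-line register language, a single abstraction (the sequence of system calls together with their concrete argument values), constructed sample programs, and two obfuscations of the kinds the abstract names only by category (junk-code insertion and register renaming). A signature detector that matches the instruction sequence verbatim loses the obfuscated variants; the semantic check does not, and neither flags the benign program.

```python
"""Toy semantics-based detector versus a syntactic signature (added example).

Not the paper's formalism: the language, the abstraction, the sample programs
and the obfuscations are all assumptions made for this illustration.
"""


def val(env, x):
    """Operand lookup: ints are immediates, strings are registers (0 if unset)."""
    return x if isinstance(x, int) else env.get(x, 0)


def run(prog):
    """Trace semantics: the sequence of (instruction, environment-before) pairs
    a straight-line program passes through."""
    env, trace = {}, []
    for ins in prog:
        trace.append((ins, dict(env)))
        op = ins[0]
        if op == "mov":
            env[ins[1]] = val(env, ins[2])
        elif op == "add":
            env[ins[1]] = val(env, ins[1]) + val(env, ins[2])
        elif op not in ("nop", "sys"):
            raise ValueError("unknown opcode %r" % (op,))
    return trace


def observable(trace):
    """Abstraction: keep each system call with its concrete argument value and
    hide everything else (register names, arithmetic, junk instructions)."""
    return tuple((ins[1], val(env, ins[2])) for ins, env in trace if ins[0] == "sys")


def is_subsequence(needle, hay):
    """True if every element of needle occurs in hay, in order (gaps allowed)."""
    it = iter(hay)
    return all(any(x == y for y in it) for x in needle)


def semantic_detect(prog, malware):
    """Flag prog if the malware's abstract behaviour is contained in prog's."""
    return is_subsequence(observable(run(malware)), observable(run(prog)))


def syntactic_detect(prog, malware):
    """Signature check: the malware's instruction sequence appears verbatim."""
    n = len(malware)
    return any(prog[i:i + n] == malware for i in range(len(prog) - n + 1))


def insert_junk(prog):
    """Obfuscation 1: interleave nops and dead arithmetic on an unused register."""
    out = []
    for ins in prog:
        out += [ins, ("nop",), ("add", "r9", 7)]
    return out


def rename_registers(prog, mapping):
    """Obfuscation 2: consistently rename registers, e.g. {"r1": "r5"}."""
    return [tuple(mapping.get(x, x) if isinstance(x, str) else x for x in ins)
            for ins in prog]


def complete_for(detector, obfuscation, malware, hosts):
    """Completeness w.r.t. one obfuscation, checked over sample hosts (a test,
    not the proof the paper gives): every host carrying the obfuscated malware
    must be flagged."""
    return all(detector(host + obfuscation(malware), malware) for host in hosts)


# Constructed samples (not real code).  "sys" models an observable system call.
MALWARE = [
    ("mov", "r1", 0x41),
    ("add", "r1", 1),
    ("sys", "open", "r1"),    # open(0x42)
    ("sys", "write", "r1"),   # write(0x42)
]
HOST = [("mov", "r2", 5), ("sys", "read", "r2")]          # benign code the malware is appended to
BENIGN = [("mov", "r1", 0x42), ("sys", "open", "r1"), ("sys", "close", "r1")]


def demo():
    """Verdicts as (signature, semantic) pairs for the original, two obfuscated
    variants and a benign program."""
    variants = {
        "original": HOST + MALWARE,
        "junk": HOST + insert_junk(MALWARE),
        "renamed": HOST + rename_registers(MALWARE, {"r1": "r5"}),
        "benign": BENIGN,
    }
    return {name: (syntactic_detect(p, MALWARE), semantic_detect(p, MALWARE))
            for name, p in variants.items()}


if __name__ == "__main__":
    for name, (sig, sem) in demo().items():
        print(f"{name:9s} signature={sig!s:5s} semantic={sem}")
```

`complete_for` only exercises a few sample hosts; the paper's completeness result is a property of the abstraction, established for all programs. Which details the abstraction hides is also where soundness is decided: this one keeps concrete argument values, so a benign program that happens to open and then write the same value would be flagged, while a coarser abstraction that hides values would survive more obfuscations at the cost of more such false positives.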