Computer viruses: theory and experiments
Computers and Security
Interprocedural slicing using dependence graphs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Undecidability of static analysis
ACM Letters on Programming Languages and Systems (LOPLAS)
Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
First-order logic and automated theorem proving (2nd ed.)
First-order logic and automated theorem proving (2nd ed.)
From system F to typed assembly language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Manufacturing cheap, resilient, and stealthy opaque constructs
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Advanced compiler design and implementation
Advanced compiler design and implementation
Proceedings of the 1999 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
Automatic formal verification of DSP software
Proceedings of the 37th Annual Design Automation Conference
Translation validation for an optimizing compiler
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Automatic discovery of linear restraints among variables of a program
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Automatic formal verification for scheduled VLIW code
Proceedings of the joint conference on Languages, compilers and tools for embedded systems: software and compilers for embedded systems
Introduction to Automata Theory, Languages and Computability
Introduction to Automata Theory, Languages and Computability
A precise inter-procedural data flow algorithm
POPL '81 Proceedings of the 8th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Stack-Based Typed Assembly Language
TIC '98 Proceedings of the Second International Workshop on Types in Compilation
Detecting Manipulated Remote Call Streams
Proceedings of the 11th USENIX Security Symposium
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Efficient Algorithms for Model Checking Pushdown Systems
CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
PVS: Combining Specification, Proof Checking, and Model Checking
CAV '96 Proceedings of the 8th International Conference on Computer Aided Verification
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Improving Computer Security Using Extended Static Checking
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Safety-checking of machine code
Safety-checking of machine code
Learning to detect malicious executables in the wild
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
Static program analysis of embedded executable assembly code
Proceedings of the 2004 international conference on Compilers, architecture, and synthesis for embedded systems
HOIST: a system for automatically deriving static analyzers for embedded systems
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
A Hybrid Security Framework of Mobile Code
COMPSAC '04 Proceedings of the 28th Annual International Computer Software and Applications Conference - Volume 01
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Countering Network Worms Through Automatic Patch Generation
IEEE Security and Privacy
A Method for Detecting Obfuscated Calls in Malicious Binaries
IEEE Transactions on Software Engineering
Temporal search: detecting hidden malware timebombs with virtual machines
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
On approximate matching of programs for protecting libre software
CASCON '06 Proceedings of the 2006 conference of the Center for Advanced Studies on Collaborative research
Learning to Detect and Classify Malicious Executables in the Wild
The Journal of Machine Learning Research
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Code Normalization for Self-Mutating Malware
IEEE Security and Privacy
An Automated Signature-Based Approach against Polymorphic Internet Worms
IEEE Transactions on Parallel and Distributed Systems
IMDS: intelligent malware detection system
Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining
Towards self-propagate mal-packets in sensor networks
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Opcodes as predictor for malware
International Journal of Electronic Security and Digital Forensics
Callgraph properties of executables
AI Communications - Network Analysis in Natural Sciences and Engineering
LISABETH: automated content-based signature generator for zero-day polymorphic worms
Proceedings of the fourth international workshop on Software engineering for secure systems
Anomaly-based fault detection in pervasive computing system
Proceedings of the 5th international conference on Pervasive services
A semantics-based approach to malware detection
ACM Transactions on Programming Languages and Systems (TOPLAS)
Signature Generation and Detection of Malware Families
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Learning and Classification of Malware Behavior
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
An FSM-Based Approach for Malicious Code Detection Using the Self-Relocation Gene
ICIC '08 Proceedings of the 4th international conference on Intelligent Computing: Advanced Intelligent Computing Theories and Applications - with Aspects of Theoretical and Methodological Issues
Eureka: A Framework for Enabling Static Malware Analysis
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Self-healing control flow protection in sensor applications
Proceedings of the second ACM conference on Wireless network security
A static API birthmark for Windows binary executables
Journal of Systems and Software
Information Security Applications
Reconstructing a Packed DLL Binary for Static Analysis
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Application security code analysis: a step towards software assurance
International Journal of Information and Computer Security
Feature set selection in data mining techniques for unknown virus detection: a comparison study
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Detecting code clones in binary executables
Proceedings of the eighteenth international symposium on Software testing and analysis
A New Approach to Malware Detection
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Dynamic Malicious Code Detection Based on Binary Translator
CloudCom '09 Proceedings of the 1st International Conference on Cloud Computing
Context-sensitive analysis of obfuscated x86 executables
Proceedings of the 2010 ACM SIGPLAN workshop on Partial evaluation and program manipulation
Data mining methods for malware detection using instruction sequences
AIA '08 Proceedings of the 26th IASTED International Conference on Artificial Intelligence and Applications
binOb+: a framework for potent and stealthy binary obfuscation
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
A model for self-modifying code
IH'06 Proceedings of the 8th international conference on Information hiding
PolyI-D: polymorphic worm detection based on instruction distribution
WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
Malware detection based on mining API calls
Proceedings of the 2010 ACM Symposium on Applied Computing
Improving the efficiency of dynamic malware analysis
Proceedings of the 2010 ACM Symposium on Applied Computing
Malware obfuscation detection via maximal patterns
IITA'09 Proceedings of the 3rd international conference on Intelligent information technology application
Can we certify systems for freedom from malware
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
Malicious shellcode detection with virtual memory snapshots
INFOCOM'10 Proceedings of the 29th conference on Information communications
Graph queries through datalog optimizations
Proceedings of the 12th international ACM SIGPLAN symposium on Principles and practice of declarative programming
A view on current malware behaviors
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Malware detection using assembly code and control flow graph optimization
Proceedings of the 1st Amrita ACM-W Celebration on Women in Computing in India
Modelling metamorphism by abstract interpretation
SAS'10 Proceedings of the 17th international conference on Static analysis
Misleading malware similarities analysis by automatic data structure obfuscation
ISC'10 Proceedings of the 13th international conference on Information security
Characterizing kernel malware behavior with kernel data access patterns
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Malware detection using assembly and API call sequences
Journal in Computer Virology
Application-level reconnaissance: timing channel attacks against antivirus software
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Improved call graph comparison using simulated annealing
Proceedings of the 2011 ACM Symposium on Applied Computing
Cloaking malware with the trusted platform module
SEC'11 Proceedings of the 20th USENIX conference on Security
Crowdroid: behavior-based malware detection system for Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Graph-based malware detection using dynamic analysis
Journal in Computer Virology
Context-sensitive analysis without calling-context
Higher-Order and Symbolic Computation
An attack on SMC-based software protection
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Network–Level polymorphic shellcode detection using emulation
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Detecting self-mutating malware using control-flow graph matching
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Fast malware family detection method using control flow graphs
Proceedings of the 2011 ACM Symposium on Research in Applied Computation
Malware: from modelling to practical detection
ICDCIT'10 Proceedings of the 6th international conference on Distributed Computing and Internet Technology
A method for efficient malicious code detection based on conceptual similarity
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part IV
A mobile agent-based p2p autonomous security hole discovery system
ICNC'05 Proceedings of the First international conference on Advances in Natural Computation - Volume Part III
Detecting malicious code by model checking
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A fast static analysis approach to detect exploit code inside network flows
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Framework for safe reuse of software binaries
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
Model checking x86 executables with codesurfer/x86 and WPDS++
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
A dynamic mechanism for recovering from buffer overflow attacks
ISC'05 Proceedings of the 8th international conference on Information Security
LADC'05 Proceedings of the Second Latin-American conference on Dependable Computing
Using purpose capturing signatures to defeat computer virus mutating
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Anagram: a content anomaly detector resistant to mimicry attack
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
New malicious code detection using variable length n-grams
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Idea: opcode-sequence-based malware detection
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Novel FPGA-Based signature matching for deep packet inspection
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
ICISS'05 Proceedings of the First international conference on Information Systems Security
Advanced static analysis for decompilation using scattered context grammars
ACC'11/MMACTEE'11 Proceedings of the 13th IASME/WSEAS international conference on Mathematical Methods and Computational Techniques in Electrical Engineering conference on Applied Computing
Pushdown model checking for malware detection
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
The Journal of Supercomputing
Improving malware classification: bridging the static/dynamic gap
Proceedings of the 5th ACM workshop on Security and artificial intelligence
ISC'07 Proceedings of the 10th international conference on Information Security
Detection of unknown malicious script code using a conceptual graph and SVM
Proceedings of the 2012 ACM Research in Applied Computation Symposium
Towards automated forensic event reconstruction of malicious code (poster abstract)
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Opcode sequences as representation of executables for data-mining-based unknown malware detection
Information Sciences: an International Journal
LTL model-checking for malware detection
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Disguised malware script detection system using hybrid genetic algorithm
Proceedings of the 28th Annual ACM Symposium on Applied Computing
ADAM: an automatic and extensible platform to stress test android anti-virus systems
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Obfuscated malware detection using API call dependency
Proceedings of the First International Conference on Security of Internet of Things
PoMMaDe: pushdown model-checking for malware detection
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Applying static analysis to high-dimensional malicious application detection
Proceedings of the 51st ACM Southeast Conference
The Journal of Supercomputing
DUET: integration of dynamic and static analyses for malware clustering with cluster ensembles
Proceedings of the 29th Annual Computer Security Applications Conference
Simseer and bugwise: web services for binary-level software similarity and defect detection
AusPDC '13 Proceedings of the Eleventh Australasian Symposium on Parallel and Distributed Computing - Volume 140
LSB replacement steganography software detection based on model checking
IWDW'12 Proceedings of the 11th international conference on Digital Forensics and Watermaking
MutantX-S: scalable malware clustering based on static features
USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
Hi-index | 0.00 |
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malicious code writers attempt to obfuscate the malicious code to subvert the malicious code detectors, such as anti-virus software. We tested the resilience of three commercial virus scanners against code-obfuscation attacks. The results were surprising: the three commercial virus scanners could be subverted by very simple obfuscation transformations! We present an architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations. Experimental results demonstrate the efficacy of our prototype tool, SAFE (a static analyzer for executables).