Malware detectors require a specification of malicious behavior. Typically, these specifications are manually constructed by investigating known malware. We present an automatic technique to overcome this laborious manual process. Our technique derives such a specification by comparing the execution behavior of a known malware against the execution behaviors of a set of benign programs. In other words, we mine the malicious behavior present in a known malware that is not present in a set of benign programs. The output of our algorithm can be used by malware detectors to detect malware variants. Since our algorithm provides a succinct description of malicious behavior present in a malware, it can also be used by security analysts for understanding the malware. We have implemented a prototype based on our algorithm and tested it on several malware programs. Experimental results obtained from our prototype indicate that our algorithm is effective in extracting malicious behaviors that can be used to detect malware variants.