By Topic

Automated extraction of polymorphic virus signatures using abstract interpretation

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Chaumette, S. ; Lab. Bordelais de Rech. en Inf., Univ. of Bordeaux, Bordeaux, France ; Ly, O. ; Tabary, R.

In this paper, we present a novel approach for the detection and signature extraction for a subclass of polymorphic computer viruses. Our detection scheme offers 0 false negative and a very low false positives detection rate. We use context-free grammars as viral signatures, and design a process able to extract this signature from a single sample of a virus. Signature extraction is achieved through a light manual information gathering process, followed by an automatic static analysis of the binary code of the virus mutation engine.

Published in:

Network and System Security (NSS), 2011 5th International Conference on

Date of Conference:

6-8 Sept. 2011