
Automated extraction of polymorphic virus signatures using abstract interpretation

3 Author(s)
Chaumette, S. ; Lab. Bordelais de Rech. en Inf., Univ. of Bordeaux, Bordeaux, France ; Ly, O. ; Tabary, R.

In this paper, we present a novel approach to detection and signature extraction for a subclass of polymorphic computer viruses. Our detection scheme offers 0 false negatives and a very low false-positive detection rate. We use context-free grammars as viral signatures, and design a process able to extract this signature from a single sample of a virus. Signature extraction is achieved through a light manual information-gathering process, followed by an automatic static analysis of the binary code of the virus mutation engine.

Published in: Network and System Security (NSS), 2011 5th International Conference on

Date of Conference: 6-8 Sept. 2011