A transformation-based model of malware derivation

2 Author(s)
Andrew Walenstein; School of Computer Science and Informatics, University of Louisiana at Lafayette, USA; Arun Lakhotia

Since most malware is derived from prior code, understanding malware derivation and evolution is essential for many types of malware analysis. However, prior models of malware relationships are insufficiently precise or fail to capture important relationships. A framework is proposed that treats both production and evolution uniformly as compositions of code transformations, and distinguishes disjoint but interleaved evolution of production code and malware code. Evolution relations are defined in terms of path patterns on derivation graphs; this generalizes and formalizes the relationship between phylogenies and provenance graphs. The comprehensiveness of the modeling framework is demonstrated using examples from the literature; implications for future work in relationship reconstruction are drawn.

Published in:

Malicious and Unwanted Software (MALWARE), 2012 7th International Conference on

Date of Conference:

16-18 Oct. 2012