Semantics-aware malware detection
Christodorescu, M.
Jha, S.
Seshia, S.A.
Song, D.
Bryant, R.E.
Wisconsin Univ., Madison, WI, USA;
This paper appears in: 2005 IEEE Symposium on Security and Privacy
Publication Date: 8-11 May 2005
On page(s): 32-46
ISSN: 1081-6011
ISBN: 0-7695-2339-0
INSPEC Accession Number: 8531181
Digital Object Identifier: 10.1109/SP.2005.20
Current Version Published: 2005-05-23
Abstract
A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are susceptible to obfuscations used by hackers. The fundamental deficiency in the pattern-matching approach to malware detection is that it is purely syntactic and ignores the semantics of instructions. In this paper, we present a malware-detection algorithm that addresses this deficiency by incorporating instruction semantics to detect malicious program traits. Experimental evaluation demonstrates that our malware-detection algorithm can detect variants of malware with a relatively low run-time overhead. Moreover, our semantics-aware malware-detection algorithm is resilient to common obfuscations used by hackers.
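As an added illustration of the abstract's point (constructed here, not code from the paper, whose own algorithm is not reproduced), a toy three-register instruction set contrasts a verbatim signature match with a check that compares what instruction sequences actually do to the registers of interest on a set of sample start states. The instruction set, the signature and the sample programs are all assumptions of this example.

```python
"""Constructed toy: syntactic signature match vs a semantics-aware check.

Three 32-bit registers (a, b, c); instructions are (op, dst, src), where
src is a register name or an immediate. The semantic check is a concrete
sample-state comparison, an under-approximation of true equivalence.
"""
from itertools import product

MASK = 0xFFFFFFFF

def execute(program, state):
    """Run a program over a register dict and return the final registers."""
    regs = dict(state)
    for op, dst, src in program:
        val = src if isinstance(src, int) else regs[src]
        if op == "mov":
            regs[dst] = val
        elif op == "add":
            regs[dst] = (regs[dst] + val) & MASK
        elif op == "sub":
            regs[dst] = (regs[dst] - val) & MASK
        elif op == "xor":
            regs[dst] = regs[dst] ^ val
        else:
            raise ValueError(f"unknown op {op}")
    return regs

def syntactic_match(signature, program):
    """Pattern-matching detector: the signature must appear verbatim."""
    n = len(signature)
    return any(program[i:i + n] == signature for i in range(len(program) - n + 1))

# Constructed start states; varying a and c exposes windows whose effect
# depends on prior register contents rather than on the signature itself.
SAMPLE_STATES = [{"a": a, "b": 2, "c": c} for a, c in product((0, 1, MASK), (0, 9))]

def semantic_match(signature, program, states=SAMPLE_STATES):
    """Does some window of `program` have the same effect as `signature`
    on the registers the signature writes, for every sample start state?"""
    outputs = {dst for _, dst, _ in signature}
    effect = lambda code, s: {r: execute(code, s)[r] for r in outputs}
    expected = [effect(signature, s) for s in states]
    for i in range(len(program)):
        for j in range(i + len(signature), len(program) + 1):
            if [effect(program[i:j], s) for s in states] == expected:
                return True
    return False

# Constructed samples: the signature, an obfuscated variant (register
# zeroing via xor, the constant built in a scratch register), and a benign
# sequence that merely resembles the signature.
SIGNATURE = [("mov", "a", 0), ("add", "a", 5)]
OBFUSCATED = [("xor", "a", "a"), ("mov", "c", 7), ("sub", "c", 2), ("add", "a", "c")]
BENIGN = [("mov", "a", 1), ("add", "a", 5)]
```

The syntactic detector misses the obfuscated variant while the semantic check flags it and still rejects the benign sequence; because the check only samples start states, a deployable detector would need a sound equivalence procedure to avoid false positives.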