Signature generation and detection of malware families

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5107 LNCS, Issue , 2008, Pages 336-349

  Sathyanarayan, V Sai ^a   Kohli, Pankaj ^a   Bruhadeshwar, Bezawada ^a  

^a INTERNATIONAL INSTITUTE OF INFORMATION TECHNOLOGY   (India)

Author keywords

Malware Detection; Signature Generation; Static Analysis

Indexed keywords

MALWARE; SEMANTICS;

API CALLS; COMPUTING SYSTEM; EXECUTABLES; MALWARE DETECTION; MALWARE FAMILIES; SIGNATURE GENERATION; SINGLE SPECIMEN;

STATIC ANALYSIS;

EID: 70349869466     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-70500-0_25     Document Type: Conference Paper

References (27)

1. Pietrek, M.: An In-Depth Look into the Win32 Portable Executable File Format, in MSDN Magazine (March 2002)
2. VX Heavens, http://vx.netlux.org
3. Viruslist.com - Email-Worm.Win32.Borzella, http://www.viruslist.com/en/ viruses/encyclopedia?virusid=21991
4. Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics- Aware Malware Detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, May 08-11, 2005, pp. 32-46 (2005)
5. Marinescu, A.: An Analysis of Simile, http://www.securityfocus.com/ infocus/1671
6. Sokal, R.R., Rohlf, F.J.: Biometry: The principles and practice of statistics in biological research, 3rd edn. Freeman, New York (1994)
7. Martignoni, L., Christodorescu, M., Jha, S.: OmniUnpack: Fast, Generic, and Safe Unpacking of Malware. In: Twenty-Third Annual Computer Security Applications Conference (ACSAC), Miami Beach, FL (December 2007)
8. Guilfanov, I.: An Advanced Interactive Multi-processor Disassembler (2000), http://www.datarescue.com
9. Ferrie, P., Ször, P.: Zmist opportunities. Virus Bullettin (2001)
10. Bilar, D.: Statistical Structures: Tolerant Fingerprinting for Classification and Analysis given at BH 2006, Las Vegas, NV. Blackhat Briefings USA (August 2006)
11. Cohen, F.: Computer Virus: Theory and experiments. Computers and Security 6, 22-35 (1987)
12. Chess, D.M., White, S.R.: An undetectable computer virus. In: Proceedings of Virus Bulletin Conference (2000)
13. Landi, N.: Undecidability of static analysis. ACM Letters on Programming Language and systems (LOPLAS) 1(4), 323-337 (1992)
14. Myres, E.M.: A precise interprocedural data flow algorithm. In: Conference Record of the 8th Annual ACM SIGPLAN-SIGACT Symp. on Principles of Programming Languages (POPL 1981), pp. 219-230. ACM Press, New York (1981)
15. Christodorescu, M., Jha, S.: Static Anlaysis of Executables to Detect Malicious Patterns. In: Proceeding of the 12th USENIX Security Symp (Security 2003), pp. 169-186 (August 2003)
16. Kruegel, C., Robertson, W., Valeur, F., Vigna, G.: Static disassembly of obfuscated binaries. In: Proceedings of USENIX Security, San Diego, CA, pp. 255-270 (August 2004)
17. Christodorescu, M., Jha, S., Krugel, C.: Mining Specification of Malicious Behavior. In: Proceeding of the 6th joint meeting of the European Software Engineering Conference. ACM SIGSOFT Symp. On ESES/FSE 2007 (2007)
18. Bergeron, J., Debbabi, M., Desharnais, J., Erhioui, M.M., Lavoie, Y., Tawbi, N.: Static Detection of Malicious Code in Executable Programs. In: Symposium on Requirements Engineering for Information Security (SREIS 2001) (2001)
19. Zhang, B., Yin, J., Hao, J.: Using Fuzzy Pattern Recognition to Detect Unknown Malicious Executables Code. In:Wang, L., Jin, Y. (eds.) Fuzzy Systems and Knowledge Discovery. LNCS (LNAI), vol.3613, pp. 629-634. Springer, Heidelberg (2005)
20. Peisert, S., Bishop, M., Karin, S., Marzullo, K.: Analysis of Computer Intrusions Using Sequences of Function Calls. IEEE Transactions on Dependable and Secure Computing (TDSC) 4(2) (April-June, 2007)
21. Bergeron, J., Debbabi, M., Erhioui, M.M., Ktari, B.: Static Analysis of Binary Code to Isolate Malicious Behaviors. In: Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises, June 16- 18, 1999, pp. 184-189 (1999)
22. Sun, H.-M., Lin, Y.-H., Wu, M.-F.: API Monitoring System for Defeating Worms and Exploits in MS-Windows System. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol.4058. Springer, Heidelberg (2006)
23. Jesse, C., Rabek, R., Khazan, I., Scott,M., Robert, L., Cunningham, K.: Detection of Injected, Dynamically Generated,and Obfuscated Malicious Code. In: Proc. of 2003 ACM workshop on Rapid Malcode (October 2003)
24. Forrest, S., Hofmeyr, S.A., Somayaji, A., Longsta., T.A.: A Sense of Self for Unix Processes. In: IEEE Symposium on Security and Privacy 1996 (1996)
25. Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. In: IEEE Symposium on Security and Privacy (2001)
26. Peisert, S., Bishop, M., Karin, S., Marzullo, K.: Analysis of Computer Intrusions Using Sequences of Function Calls. IEEE Transactions On Dependable and Secure Computing 4(2) (April-June, 2007)
27. Zhang, Q., Reeves, D.S.: MetaAware: Identifying Metamorphic Malware. In: Choi, L., Paek, Y., Cho, S. (eds.) ACSAC 2007. LNCS, vol.4697, Springer, Heidelberg (2007)