Detection of metamorphic and virtualization-based malware using algebraic specification

Journal in Computer Virology

Volumn 5, Issue 3, 2009, Pages 221-245

  Webster, Matt ^a   Malcolm, Grant ^a  

^a UNIVERSITY OF LIVERPOOL   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

ALGEBRAIC SPECIFICATIONS; ANTIVIRUS SOFTWARES; ASSEMBLY PROGRAMMING; COUNTER MEASURES; IMPERATIVE PROGRAMMING LANGUAGES; INSTRUCTION SET; LATEST DEVELOPMENT; MALWARE DETECTION; MALWARES; MAUDE SPECIFICATIONS; PROOF OF CONCEPT; VIRTUALIZATIONS;

ALGEBRA; COMPUTER SOFTWARE; LINGUISTICS; QUERY LANGUAGES; SPECIFICATIONS;

COMPUTER VIRUSES;

EID: 70349997951     PISSN: 17729890     EISSN: 17729904     Source Type: Journal    
DOI: 10.1007/s11416-008-0094-0     Document Type: Article

References (30)

1. Bruschi, D., Martignoni, L., Monga, M.: Detecting self-mutating malware using control-flow graph matching. In: Büschkes, R., Laskov, P. (eds) Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), vol. 4064 of Lecture Notes in Computer Science, pp. 129-143. Springer, Heidelberg (2006).
2. Bruschi, D., Martignoni, L., Monga, M.: Using code normalization for fighting self-mutating malware. In: Proceedings of the International Symposium on Secure Software Engineering (2006).
3. Bruschi D., Martignoni L., Monga M: Code normalization for self-mutating malware. IEEE Secur. Priv. 5(2), 46-54 (2007).
4. Chess, D.M., White, S.R.: An undetectable computer virus. In: Virus Bulletin Conference, September (2000).
5. Chouchane, M.R., Lakhotia, A.: Using engine signature to detect metamorphic malware. In: Proceedings of the Fourth ACM Workshop on Recurring Malcode (WORM), pp. 73-78 (2006).
6. Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-awChouchane, M.R., Lakhotia, A.: Using engine signature to detect metamorphic malware. In: Proceedings of the Fourth ACM Workshop on Recurring Malcode (WORM), pp. 73-78 (2006).
7. Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: The Maude 2.0 system. In: Nieuwenhuis, R. (ed.) Rewriting Techniques and Applications (RTA 2003), number 2706 in Lecture Notes in Computer Science, pp. 76-87. Springer, Heidelberg (2003).
8. Filiol, E.:ComputerViruses: from Theory toApplications, chap. 5, pp. 151-163. Springer, Heidelberg (2005) ISBN 2287239391.
9. Filiol E., Josse S.: A statistical model for undecidable viral detection. J. Comput. Virol. 3, 65-74 (2007).
10. Garfinkel, T., Adams, K., Warfield, A., Franklin, J.: Compatibility is not transparency: VMM detection myths and realities. In: 11th Workshop on Hot Topics in Operating Systems (HOTOS-X) (2007).
11. Goguen, J.A., Malcolm, G.: Algebraic Semantics of Imperative Programs. Massachusetts Institute of Technology (1996) ISBN 026207172X.
12. Goguen, J.A., Malcolm, G. (eds): Software Engineering with OBJ: Algebraic Specification in Action. Kluwer, Boston, ISBN 0792377575(2000).
13. ®64 and IA-32 Architectures Software Developer's Manual, November 2007. http://www.intel.com/products/processor/manuals/index.htm Accessed 14 June (2008).
14. King, S.T., Chen, P.M., Wang, Y.-M., Verbowski, C., Wang, H.J., Lorch, J.R.: SubVirt: Implementing malware with virtual machines. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006).
15. Lakhotia, A., Mohammed, M.: Imposing order on program statements to assist anti-virus scanners. In: Proceedings of Eleventh Working Conference on Reverse Engineering. IEEE Computer Society Press, New York (2004).
16. Meseguer, J., Roşu, G.: The rewriting logic semantics project. In: Proceedings of the Second Workshop on Structural Operational Semantics (SOS 2005), vol. 156 of Electronic Notes in Theoretical Computer Science, pp. 27-56. Elsevier, Amsterdam (2005).
17. Meseguer J., Roşu G.: The rewriting logic semantics project. Theor. Comput. Sci. 373(3), 213-237 (2007).
18. Moinuddin Mohammed.: Zeroing in on metamorphic computer viruses. Master's thesis, University of Louisiana at Lafayette (2003).
19. Preda, M.D., Christodorescu, M., Jha, S., Debray, S.: A semantics-based approach to malware detection. In: Proceedings of the 34th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2007) (2007).
20. Rutkowska, J.: Red Pill ... or how to detect VMM using (almost) one CPU instruction. http://www.invisiblethings.org/papers/redpill.html, November 2004. Accessed 14 June 2008.
21. TM kernel for fun and profit. Black Hat Briefings 2006, Las Vegas, USA, August 2006. http://blackhat.com/presentations/bh-usa-06/BH-US-06-Rutkowska.pdf Accessed 14 June 2008.
22. Ször, P.: The new 32-bit Medusa. Virus Bulletin, December 2000.
23. Ször P.: The Art of Computer Virus Research and Defense. Addison-Wesley, Resading (2005) ISBN 0321304543.
24. Ször, P., Ferrie, P.: Hunting for metamorphic. In: Virus Bulletin Conference Proceedings, 2001.
25. Walenstein, A., Mathur, R., Chouchane, M.R., Lakhotia, A.: Normalizing metamorphic malware using term rewriting. In: IEEE International Workshop on Source Code Analysis and Manipulation (SCAM 2006), 2006.
26. Webster M., Malcolm G.: Detection of metamorphic computer viruses using algebraic specification. J. Comput. Virol. 2(3), 149-161 (2006) doi:10.1007/s11416-006-0023-z.
27. Webster, M., Malcolm, G.: Detection of metamorphic and virtualization-based malware using algebraic specification-Maude specification, January 2008. http://www.csc.liv.ac.uk/~matt/pubs/maude/2/ Accessed 14 June 2008.
28. Webster M., Malcolm, G.: Detection of metamorphic and virtualization-based malware using algebraic specification. In: Broucek, V., Filiol, E. (eds.) 17th European Institute for Computer Antivirus Research Annual Conference Proceedings (EICAR 2008), pp. 99-119, 2008.
29. Yoo, I., Ultes-Nitsche, U.: Non-signature based virus detection: towards establishing a unknown virus detection technique using SOM. J. Comput. Virol. 2(3), (2006).
30. Yoo, I.: Visualizing Windows executable viruses using self-organizing maps. In: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, 2004.