Detecting metamorphic malwares using code graphs

Proceedings of the ACM Symposium on Applied Computing

Volumn , Issue , 2010, Pages 1970-1977

  Lee, Jusuk ^a   Jeong, Kyoochang ^a   Lee, Heejo ^a  

^a Korea University   (South Korea)

Author keywords

code graph; code obfuscation; metamorphic malware; static analysis

Indexed keywords

ANTI VIRUS; CALL GRAPHS; CODE OBFUSCATION; DEFENSE TECHNIQUES; DETECTION MECHANISM; DETECTION TECHNIQUE; GRAPH CODES; MALWARE DETECTION; MALWARES; PROGRAM SEMANTICS; REAL-WORLD;

COMPUTER VIRUSES; SECURITY OF DATA; SEMANTICS; STATIC ANALYSIS; VIRUSES;

DETECTORS;

EID: 77954746422     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1774088.1774505     Document Type: Conference Paper

References (31)

1. Vx chaos file server. http://vxchaos.official.ws.
2. Vx heavens. http://vx.netlux.org.
3. AVV. Antiheuristics. 29A Magazine, 1(1), 1999.
4. D. Bruschi, L. Martignoni, and M. Monga. Code normalization for self-mutating malware. IEEE Security & Privacy, 5(2):46-54, 2007.
5. C. J. C. Burges. A tutorial on support vector machines for pattern recognition. Data Min. Knowl. Discov., 2(2):121-167, 1998. (Pubitemid 128695475)
6. M. Christodorescu and S. Jha. Testing malware detectors. In ISSTA, pages 34-44, 2004.
7. M. Christodorescu, S. Jha, S. A. Seshia, D. X. Song, and R. E. Bryant. Semantics-aware malware detection. In IEEE Symposium on Security and Privacy, pages 32-46, 2005.
8. M. Christodorescu, J. Kinder, S. Jha, S. Katzenbeisser, and H. Veith. Malware normalization. Technical report, University of Wisconsin, November 2005.
9. F. Cohen. Computer viruses: Theory and experiments. In 7th DOD/NBS Computers and Security Conference, volume 6, pages 22-35, September 1987.
10. D.Chess and S. White. An undetectable computer virus. In Virus Bulletin Conference, September 2000.
11. M. Driller. Metamorphism in practice. 29A Magazine, 1(6), 2002.
12. G. Jacob, H. Debar, and E. Filiol. Behavioral detection of malware: from a survey towards an established taxonomy. Journal in Computer Virology, 4(3):251-266, 2008.
13. K. Jeong and H. Lee. Code graph for malware detection. In Information Networking. ICOIN. International Conference on, Jan 2008.
14. L. Julus. Metamorphism. 29A Magazine, 1(5), 2000.
15. J. Z. Kolter and M. A. Maloof. Learning to detect malicious executables in the wild. In KDD, pages 470-478, 2004.
16. R. Lyda and J. Hamrock. Using entropy analysis to find encrypted and packed malware. IEEE Security & Privacy, 5(2):40-45, 2007.
17. D. Mohanty. Anti-virus evasion techniques and countermeasures, August 2005. http://www.hackingspirits.com/ethhac/papers/whitrepapers.asp.
18. A. Moser, C. Kruegel, and E. Kirda. Limits of static analysis for malware detection. In ACSAC, pages 421-430, 2007.
19. A. Moser, C. Krügel, and E. Kirda. Exploring multiple execution paths for malware analysis. In IEEE Symposium on Security and Privacy, pages 231-245, 2007.
20. C. Nachenberg. Computer virus-antivirus coevolution. Commun. ACM, 40(1):46-51, 1997.
21. M. D. Preda, M. Christodorescu, S. Jha, and S. K. Debray. A semantics-based approach to malware detection. ACM Trans. Program. Lang. Syst., 30(5), 2008.
22. Rajaat. Polimorphism. 29A Magazine, 1(3), 1999.
23. J. W. Raymond, E. J. Gardiner, and P. W. 0002. Rascal: Calculation of graph similarity using maximum common edge subgraphs. Comput. J., 45(6):631-644, 2002.
24. V. S. Sathyanarayan, P. Kohli, and B. Bruhadeshwar. Signature generation and detection of malware families. In ACISP, pages 336-349, 2008.
25. M. G. Schultz, E. Eskin, E. Zadok, and S. J. Stolfo. Data mining methods for detection of new malicious executables. In IEEE Symposium on Security and Privacy, pages 38-49, 2001.
26. G. Taha. Counterattacking the packers. McAfee Avert Labs, Aylesbury, UK.
27. C. K. Ulrich Bayer and E. Kirda. Ttanalyze: A tool for analyzing malware. In Proc. 15th Ann. Conf. European Inst. for Computer Antivirus Research (EICAR), pages 180-192, 2006.
28. A. Walenstein, R. Mathur, M. R. Chouchane, and A. Lakhotia. Normalizing metamorphic malware using term rewriting. In SCAM, pages 75-84, 2006.
29. J.-H. Wang, P. Deng, Y.-S. Fan, L.-J. Jaw, and Y.-C. Liu. Virus detection using data mining techinques. In Proceedings. IEEE 37th Annual 2003 International Carnahan Conference on, pages 71-76, 2003.
30. C. Willems, T. Holz, and F. C. Freiling. Toward automated dynamic malware analysis using cwsandbox. IEEE Security & Privacy, 5(2):32-39, 2007.
31. B. Zelinka. On a certain distance between isomorphism classes of graph. In Casopis pro pestovani Matematiky, volume 100, pages 371-373, 1975.