Behavior abstraction in malware analysis

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6418 LNCS, Issue , 2010, Pages 168-182

  Beaucamps, Philippe ^a   Gnaedig, Isabelle ^a   Marion, Jean Yves ^a  

^a UNIVERSITÉ DE LORRAINE   (France)

Author keywords

behavior abstraction; behavioral detection; dynamic binary instrumentation; finite state automaton; formal language; Malware; string rewriting; trace

Indexed keywords

BEHAVIOR ABSTRACTION; BEHAVIORAL DETECTION; DYNAMIC BINARY INSTRUMENTATION; FINITE STATE AUTOMATA; MALWARES; STRING REWRITING; TRACE; CODE INSTRUMENTATION; EXPRESSIVE POWER; MALICIOUS BEHAVIOR; MALWARE DETECTION;

BINARY SEQUENCES; COMPUTER CRIME; FINITE AUTOMATA; FORMAL LANGUAGES; INSTRUMENTS; SECURITY OF DATA; ABSTRACTING;

ABSTRACTING; MALWARE;

EID: 78650082281     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-16612-9_14     Document Type: Conference Paper

References (22)

1. DynamoRIO, http://dynamorio.org
2. OpenFST, http://www.openfst.org/
3. Pin, http://www.pintool.org
4. Apel, M., Bockermann, C., Meier, M.: Measuring similarity of malware behavior. In: IEEE Conference on Local Computer Networks, pp. 891-898. IEEE, Los Alamitos (October 2009)
5. Beaucamps, P., Gnaedig, I., Marion, J.-Y.: Behavior Abstraction in Malware Analysis - Extended Version. HAL-INRIA Open Archive Number inria-00509486
6. Bergeron, J., Debbabi, M., Desharnais, J., Erhioui, M.M., Lavoie, Y., Tawbi, N.: Static detection of malicious code in executable programs. In: Symposium on Requirements Engineering for Information Security (2001)
7. Bonfante, G., Kaczmarek, M., Marion, J.-Y.: Architecture of a morphological malware detector. Journal in Computer Virology (2008)
8. Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. Botnet Detection 36, 65-88 (2008)
9. Bruschi, D., Martignoni, L., Monga, M.: Detecting self-mutating malware using control-flow graph matching. In: Büschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol. 4064, pp. 129-143. Springer, Heidelberg (2006)
10. Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: IEEE Symposium on Security and Privacy, pp. 32-46. IEEE Computer Society, Los Alamitos (2005)
11. Cohen, F.: Computer viruses: Theory and experiments. Computers and Security 6(1), 22-35 (1987)
12. Dullien, T., Rolles, R.: Graph-based comparison of executable objects. In: Symposium sur la Sécurité des Technologies de l'Information et des Télécommunications (2005)
13. Esparza, J., Rossmanith, P., Schwoon, S.: A uniform framework for problems on context-free grammars. Bulletin of the EATCS 72, 169-177 (2000)
14. Godefroid, P., Levin, M.Y., Molnar, D.: Automated whitebox fuzz testing. In: Network Distributed Security Symposium. Internet Society (2008)
15. Gunter, C.A.: Semantics of Programming Languages: Structures and Techniques. MIT Press, Cambridge (1992)
16. Jacob, G., Debar, H., Filiol, E.: Malware behavioral detection by attributeautomata using abstraction from platform and language. In: Balzarotti, D. (ed.) RAID 2009. LNCS, vol. 5758, pp. 81-100. Springer, Heidelberg (2009)
17. Kinder, J., Katzenbeisser, S., Schallhart, C., Veith, H.: Detecting malicious code by model checking. In: Julisch, K., Krügel, C. (eds.) DIMVA 2005. LNCS, vol. 3548, pp. 174-187. Springer, Heidelberg (2005)
18. Le Charlier, B., Mounji, A., Swimmer, M.: Dynamic detection and classification of computer viruses using general behaviour patterns. In: International Virus Bulletin Conference, pp. 1-22 (1995)
19. Martignoni, L., Stinson, E., Fredrikson, M., Jha, S., Mitchell, J.C.: A layered architecture for detecting malicious behaviors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 78-97. Springer, Heidelberg (2008)
20. Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: IEEE Symposium on Security and Privacy, pp. 231-245. IEEE Computer Society, Los Alamitos (2007)
21. Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: IEEE Symposium on Security and Privacy, pp. 144-155. IEEE Computer Society, Los Alamitos (2001)
22. Singh, P.K., Lakhotia, A.: Static verification of worm and virus behavior in binary executables using model checking. In: Information Assurance Workshop, pp. 298-300. IEEE Press, Los Alamitos (2003)