Malware analysis with tree automata inference

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6806 LNCS, Issue , 2011, Pages 116-131

  Babić, Domagoj ^a   Reynaud, Daniel ^a   Song, Dawn ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DATAFLOW; DEPENDENCY GRAPHS; DETECTION METHODS; MALWARE ANALYSIS; MALWARE DETECTION; MALWARES; SECURITY COMMUNITY; SIGNATURE DETECTION; SOURCE CODES; SYNTACTIC PATTERNS; SYSTEM CALLS; TREE AUTOMATA;

AUTOMATA THEORY; BEHAVIORAL RESEARCH; COMPUTER AIDED ANALYSIS; DATA FLOW ANALYSIS; FORMAL METHODS; PLANT EXTRACTS; TREES (MATHEMATICS);

COMPUTER CRIME;

EID: 79960360109     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-22110-1_10     Document Type: Conference Paper

References (35)

1. Aho, A.V., Sethi, R., Ullman, J.D.: Compilers: principles, techniques, and tools. Addison-Wesley Longman Publishing Co., Inc. Redwood City (1986)
2. Babić, D.: Exploiting Structure for Scalable Software Verification. Ph.D. thesis, University of British Columbia, Vancouver, Canada (2008)
3. Bonfante, G., Kaczmarek, M., Marion, J.Y.: Architecture of a morphological malware detector. Journal in Computer Virology 5, 263-270 (2009)
4. Brumley, D., Hartwig, C., Zhenkai Liang, J.N., Song, D., Yin, H.: Automatically Identifying Trigger-based Behavior in Malware. In: Botnet Detection Countering the Largest Security Threat, Advances in Information Security, vol. 36, pp. 65-88. Springer, Heidelberg (2008)
5. Chow, J., Pfaff, B., Garfinkel, T., Christopher, K., Rosenblum, M.: Understanding data life-time via whole system simulation. In: Proc. of 13th USENIX Security Symp. (2004)
6. Christodorescu, M., Jha, S.: Testing malware detectors. In: ISSTA 2004: Proc. of the 2004 ACM SIGSOFT Int. Symp. on Software Testing and Analysis, pp. 34-44. ACM Press, New York (2004)
7. Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: Proc. of the the 6th Joint Meeting of the European Software Engineering Conf. and the ACM SIGSOFT Symp. on The Foundations of Software Engineering, pp. 5-14. ACM Press, New York (2007)
8. Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: SP 2005: Proc. of the 2005 IEEE Symp. on Security and Privacy, pp. 32-46. IEEE Computer Society Press, Los Alamitos (2005)
9. Comon, H., Dauchet, M., Gilleron, R., Löding, C., Jacquemard, F., Lugiez, D., Tison, S., Tommasi, M.: Tree Automata Techniques and Applications (2007)
10. Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 2nd edn. The MIT Press, Cambridge (2001)
11. Crandall, J., Chong, F.: Minos: Control data attack prevention orthogonal to memory model. In: the Proc. of the 37th Int. Symp. on Microarchitecture, pp. 221-232. IEEE Computer Society Press, Los Alamitos (2005)
12. Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. In: Proc. of the 1996 IEEE Symp. on Security and Privacy, pp. 120-129. IEEE Computer Society Press, Los Alamitos (1996)
13. Fredrikson, M., Jha, S., Christodorescu, M., Sailer, R., Yan, X.: Synthesizing near-optimal malware specifications from suspicious behaviors. In: Proc. of the 2010 IEEE Symp. on Security and Privacy, pp. 45-60. IEEE Computer Society Press, Los Alamitos (2010)
14. García, P.: Learning k-testable tree sets from positive data. Tech. rep. In: Dept. Syst. Inform. Comput. Univ. Politecnica Valencia, Spain (1993)
15. García, P., Vidal, E.: Inference of k-testable languages in the strict sense and application to syntactic pattern recognition. IEEE Trans. Pattern Anal. Mach. Intell. 12, 920-925 (1990)
16. Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. In: Proc. of the ACM SIGPLAN Conf. on Prog. Lang. Design and Impl. pp. 213-223. ACM Press, New York (2005)
17. Gold, E.M.: Complexity of automaton identification from given data. Information and Control 37(3), 302-320 (1978)
18. Holzer, A., Kinder, J., Veith, H.: Using verification technology to specify and detect malware. In: Moreno Díaz, R., Pichler, F., Quesada Arencibia, A. (eds.) EUROCAST 2007. LNCS, vol. 4739, pp. 497-504. Springer, Heidelberg (2007)
19. Kang, M.G., McCamant, S., Poosankam, P., Song, D.: DTA++: Dynamic taint analysis with targeted control-flow propagation. In: Proc. of the 18th Annual Network and Distributed System Security Symp.San Diego, CA (2011)
20. Khoussainov, B., Nerode, A.: Automata Theory and Its Applications. Birkhäuser, Basel (2001)
21. King, J.C.: Symbolic execution and program testing. Comm. of the ACM 19(7), 385-394 (1976)
22. Knuutila, T.: Inference of k-testable tree languages. In: Bunke, H. (ed.) Advances in Structural and Syntactic Pattern Recognition: Proc. of the Int. Workshop, pp. 109-120. World Scientific, Singapore (1993)
23. Kolbitsch, C., Milani, P., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: The 18th USENIX Security Symp. (2009)
24. López, D., Sempere, J.M., García, P.: Inference of reversible tree languages. IEEE Transactions on Systems, Man, and Cybernetics, Part B 34(4), 1658-1665 (2004)
25. Luk, C., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V., Hazelwood, K.: Pin: building customized program analysis tools with dynamic instrumentation. In: Proc. of the 2005 ACM SIGPLAN Conf. on Prog. Lang. Design and Impl., pp. 190-200. ACM Press, New York (2005)
26. Martignoni, L., Paleari, R.: The libwst library (a part of WUSSTrace) (2010), http://code.google.com/p/wusstrace/
27. Matrosov, A., Rodionov, E., Harley, D., Malcho, J.: Stuxnet under the microscope. Tech. rep. Eset (2010)
28. Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: SP 2007: Proc. of the IEEE Symp. on Security and Privacy, pp. 231-245. IEEE Computer Society Press, Los Alamitos (2007)
29. Newsome, J., Song, D.: Dynamic Taint Analysis: Automatic Detection, Analysis, and Signature Generation of Exploit Attacks on Commodity Software. In: Proc. of the Network and Distributed Systems Security Symp. (2005)
30. Suh, G., Lee, J., Zhang, D., Devadas, S.: Secure program execution via dynamic information flow tracking. ACM SIGOPS Operating Systems Review 38(5), 85-96 (2004)
31. Symantec: Symantec global internet security threat report: Trends for 2009. Tech. rep.Symantec, vol. XV (2010)
32. Wagner, D., Dean, D.: Intrusion detection via static analysis. In: Proc. of the IEEE Symp. on Security and Privacy, p. 156. IEEE Computer Society Press, Los Alamitos (2001)
33. Wagner, D., Soto, P.:Mimicry attacks on host-based intrusion detection systems. In: Proc. of the 9th ACM Conf. on Comp. and Comm. Security, pp. 255-264. ACM Press, New York (2002)
34. You, I., Yim, K.: Malware Obfuscation Techniques: A Brief Survey. In: Int. Conf. on Broadband, Wireless Computing, Communication and Applications, pp. 297-300 (2010)
35. Zalcstein, Y.: Locally testable languages. J. Comput. Syst. Sci. 6(2), 151-167 (1972)