PoMMaDe: Pushdown model-checking for Malware detection

2013 9th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2013 - Proceedings

Volumn , Issue , 2013, Pages 607-610

  Song, Fu ^a   Touili, Tayssir ^b  

^a EAST CHINA NORMAL UNIVERSITY   (China)

^b UNIVERSITÉ PARIS DIDEROT   (France)

Author keywords

Malware detection; Model checking; Pushdown systems

Indexed keywords

BINARY PROGRAMS; F-SECURE; MALICIOUS BEHAVIOR; MALWARE DETECTION; MALWARES; PUSHDOWN; PUSHDOWN SYSTEMS; TREND MICROS;

COMPUTER CRIME; DETECTORS; MODEL CHECKING; VIRUSES;

SOFTWARE ENGINEERING;

EID: 84883670898     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2491411.2494599     Document Type: Conference Paper

References (24)

1. G. Balakrishnan, T. W. Reps, N. Kidd, A. Lal, J. Lim, D. Melski, R. Gruian, S. H. Yong, C.-H. Chen, and T. Teitelbaum. Model checking x86 executables with codesurfer/x86 and wpds++. In CAV, 2005.
2. T. Ball and S. K. Rajamani. The SLAM project: debugging system software via static analysis. In POPL, 2002.
3. P. Beaucamps, I. Gnaedig, and J.-Y. Marion. Behavior abstraction in malware analysis. In RV, pages 168-182, 2010.
4. P. Beaucamps, I. Gnaedig, and J.-Y. Marion. Abstraction-based malware analysis using rewriting and model checking. In ESORICS, pages 806-823, 2012.
5. J. Bergeron, M. Debbabi, J. Desharnais, M. Erhioui, Y. Lavoie, and N. Tawbi. Static detection of malicious code in executable programs. In SREIS, 2001.
6. D. Beyer, T. A. Henzinger, R. Jhala, and R. Majumdar. The software model checker blast. STTT, 9(5-6):505-525, 2007.
7. D. Brumley, C. Hartwig, Z. Liang, J. Newsome, D. X. Song, and H. Yin. Automatically identifying trigger-based behavior in malware. In Botnet Detection. 2008.
8. D. Bruschi, L. Martignoni, and M. Monga. Detecting self-mutating malware using control-flow graph matching. In DIMVA, 2006.
9. M. Christodorescu and S. Jha. Static analysis of executables to detect malicious patterns. In 12th USENIX Security Symposium, 2003.
10. M. Christodorescu, S. Jha, S. A. Seshia, D. X. Song, and R. E. Bryant. Semantics-aware malware detection. In IEEE Symposium on Security and Privacy, 2005.
11. M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. X. Song. Dynamic spyware analysis. In USENIX Annual Technical Conference, 2007.
12. Hex-Rays. IDAPro, 2011.
13. A. Holzer, J. Kinder, and H. Veith. Using verification technology to specify and detect malware. In EUROCAST, 2007.
14. J. Kinder, S. Katzenbeisser, C. Schallhart, and H. Veith. Detecting malicious code by model checking. In DIMVA, 2005.
15. J. Kinder and H. Veith. Jakstab: A static analysis platform for binaries. In CAV, 2008.
16. A. Lakhotia, E. U. Kumar, and M. Venable. A method for detecting obfuscated calls in malicious binaries. IEEE Trans. Software Eng., 31(11), 2005.
17. PEfile. http://code.google.com/p/pefile, 2012.
18. P. K. Singh and A. Lakhotia. Static verification of worm and virus behavior in binary executables using model checking. In IAW, 2003.
19. F. Song and T. Touili. Efficient malware detection using model-checking. In FM, 2012.
20. F. Song and T. Touili. PuMoC: A CTL Model-Checker for Sequential Programs. In ASE, 2012.
21. F. Song and T. Touili. Pushdown model checking for malware detection. In TACAS, 2012.
22. F. Song and T. Touili. LTL Model-Checking for Malware Detection. TACAS, 2013.
23. A. V. Thakur, J. Lim, A. Lal, A. Burton, E. Driscoll, M. Elder, T. Andersen, and T. W. Reps. Directed proof generation for machine code. In CAV, pages 288-305, 2010.
24. W. Wong. Analysis and detection of metamorphic computer viruses. Master's thesis, San Jose State University, 2006.