Mining Malware Specifications through Static Reachability Analysis

Authors: Hugo Daniel Macedo, Tayssir Touili

DOI: 10.1007/978-3-642-40203-6_29

Keywords: Data mining, Cryptovirology, Test set, Reachability, Application programming interface, Signature (logic), Computer science, Theoretical computer science, Malware, Tree automaton, System call

Abstract: The number of malicious software (malware) is growing out of control. Syntactic signature based detection cannot cope with such growth, and manual construction of malware signature databases needs to be replaced by computer learning approaches. Currently, a single modern signature capturing the semantics of a malicious behavior can be used to replace an arbitrarily large number of old-fashioned syntactical signatures. However, teaching computers to learn such behaviors is a challenge. Existing work relies on dynamic analysis to extract behaviors, but this technique does not guarantee coverage of all behaviors. To sidestep this limitation we show how to learn malware signatures using static reachability analysis. The idea is to model binary programs as pushdown systems (which capture the stack operations occurring during code execution), use reachability analysis to extract behaviors in the form of trees, and use subtrees that are common among the trees extracted from a training set of malware files as signatures. To detect malware we propose a tree automaton to compactly store malicious behavior trees and check if any subtree extracted from the file under analysis is malicious. Experimental data shows that our approach can learn signatures from a training set of malware files and use them to detect a test set 10 times the size of the training set.
