A Memory-Based Abstraction Approach to Handle Obfuscation in Polymorphic Virus

Authors: Binh T. Nguyen, Binh T. Ngo, Tho T. Quan

DOI: 10.1109/APSEC.2012.78

Keywords: Programming language; Theoretical computer science; Control flow graph; Abstract interpretation; Control flow; Binary code; Obfuscation (software); Data structure; Computer virus; Abstraction (linguistics); Computer science

Abstract: This paper describes a PhD proposal aiming at dealing with obfuscation in polymorphic viruses. The defining characteristic of such a virus is its capability to modify itself without limit each time it infects a victim program. This makes the traditional signature-based detection technique ineffective, since that approach needs to collect all signature instances. A recently emerging counter-approach is to abstract the program from the binary level and then extract an abstracted model for further analysis. The most common model to be extracted is perhaps the control flow graph (CFG) of the program. However, control-based abstraction currently suffers from some advanced obfuscation techniques which change not only the signatures but also modify the control flow significantly, so the analysis quickly becomes too complicated. Hence, we propose a novel code abstraction based on memory states. It allows us to detect useless instructions that are part of the obfuscated code. Moreover, as a next step, our abstraction can be extended into a new, efficient detection pattern.
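The abstract's central claim is that two polymorphic variants which share no byte signature and differ in instruction sequence still produce the same memory state, and that instructions whose removal leaves that state unchanged are junk. The following toy illustrates the idea on a three-register machine. It is an added example written for this page, not the authors' implementation: the instruction set, the two constructed variants, the string-based symbolic state and the remove-and-recompare test for useless instructions are all assumptions of the example, and registers stand in for memory cells (a `mem[addr]` key would be treated identically).

```python
"""Toy memory-state abstraction for spotting junk instructions in
polymorphic variants.

Constructed illustration only: the instruction set, the two variants and
the analysis below are assumptions of this example, not the paper's own
implementation.
"""
from typing import Dict, List, Tuple, Union

Operand = Union[str, int]
Instr = Tuple[Operand, ...]          # ("mov", "eax", 0x10), ("add", "eax", "ebx"), ("nop",)
State = Dict[str, str]               # location -> symbolic value over the initial values

MASK = 0xFFFFFFFF


def _is_const(v: str) -> bool:
    return v.lstrip("-").isdigit()


def _read(state: State, op: Operand) -> str:
    """Value of an operand; an unwritten location still holds its initial symbol, e.g. 'eax0'."""
    if isinstance(op, int):
        return str(op & MASK)
    return state.get(op, op + "0")


def _combine(op: str, a: str, b: str) -> str:
    """Fold constants and algebraic identities so equivalent sequences normalise alike."""
    if _is_const(a) and _is_const(b):
        x, y = int(a), int(b)
        r = {"add": x + y, "sub": x - y, "xor": x ^ y}[op]
        return str(r & MASK)
    if b == "0":                      # add/sub/xor r, 0 is the identity
        return a
    if op in ("add", "xor") and a == "0":
        return b
    if op in ("sub", "xor") and a == b:   # xor r, r and sub r, r zero the register
        return "0"
    return f"({a} {op} {b})"


def step(state: State, ins: Instr) -> State:
    """Abstract transfer function of one instruction over the memory state."""
    new = dict(state)
    op = ins[0]
    if op == "nop":
        return new
    dst, src = ins[1], ins[2]
    if op == "mov":
        new[dst] = _read(state, src)
    elif op in ("add", "sub", "xor"):
        new[dst] = _combine(op, _read(state, dst), _read(state, src))
    else:
        raise ValueError(f"unsupported instruction {ins}")
    return new


def abstract(program: List[Instr]) -> State:
    """Final memory state; locations still holding their initial value are dropped."""
    state: State = {}
    for ins in program:
        state = step(state, ins)
    return {loc: v for loc, v in state.items() if v != loc + "0"}


def strip_useless(program: List[Instr]) -> Tuple[List[Instr], List[Instr]]:
    """Iteratively drop instructions whose removal leaves the final state unchanged.

    Each removal is re-checked against the whole remaining program, so two
    instructions that are individually redundant but jointly necessary (e.g.
    a duplicated 'xor eax, eax') are never both dropped.
    """
    kept = list(program)
    removed: List[Instr] = []
    target = abstract(kept)
    changed = True
    while changed:
        changed = False
        for i, ins in enumerate(kept):
            candidate = kept[:i] + kept[i + 1:]
            if abstract(candidate) == target:
                removed.append(ins)
                kept = candidate
                changed = True
                break
    return kept, removed


def signature(program: List[Instr]) -> str:
    """Stand-in for a byte signature: the literal instruction text."""
    return ";".join(" ".join(map(str, ins)) for ins in program)


# Constructed sample: the original payload and a polymorphic variant of it
# padded with nops, identity operations, a dead store and a split constant.
VARIANT_A: List[Instr] = [
    ("mov", "eax", 0x1000),
    ("add", "eax", 0x20),
    ("mov", "ebx", "eax"),
    ("xor", "ecx", "ecx"),
]
VARIANT_B: List[Instr] = [
    ("nop",),
    ("mov", "eax", 0x800),
    ("add", "eax", 0x800),            # 0x800 + 0x800 == 0x1000, folded by _combine
    ("mov", "ecx", 0xDEAD),           # dead store, overwritten below
    ("add", "eax", 0x20),
    ("add", "ebx", 0),                # identity
    ("mov", "ebx", "eax"),
    ("xor", "ebx", 0),                # identity
    ("mov", "ecx", 0),                # same effect as xor ecx, ecx
    ("mov", "eax", "eax"),            # identity
]

if __name__ == "__main__":
    print("signatures equal:", signature(VARIANT_A) == signature(VARIANT_B))
    print("memory states equal:", abstract(VARIANT_A) == abstract(VARIANT_B))
    print("junk in variant B:", strip_useless(VARIANT_B)[1])
```

Running the block prints that the two signatures differ while the abstracted states coincide, and lists the five instructions of the variant that contribute nothing to the final state. The remove-and-recompare loop is quadratic in program length and only catches single redundant instructions, not mutually cancelling pairs such as `push eax; pop eax`; handling those needs a stack model in the state, which is the kind of extension the abstract points toward.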

References (12)
Sébastien Bardin, Philippe Herrmann, Jérôme Leroux, Olivier Ly, Renaud Tabary, Aymeric Vincent. The BINCOA framework for binary code analysis. Computer Aided Verification (CAV), LNCS vol. 6806, pp. 165–170 (2011). doi:10.1007/978-3-642-22110-1_13
Tomonori Izumida, Kokichi Futatsugi, Akira Mori. A generic binary analysis method for malware. International Workshop on Security (IWSEC), pp. 199–216 (2010). doi:10.1007/978-3-642-16825-3_14
Sébastien Bardin, Philippe Herrmann, Franck Védrine. Refinement-based CFG reconstruction from unstructured programs. Verification, Model Checking and Abstract Interpretation (VMCAI), pp. 54–69 (2011). doi:10.5555/1946284.1946290
Fred Cohen. Computer viruses: theory and experiments. Computers & Security, vol. 6, pp. 22–35 (1987). doi:10.1016/0167-4048(87)90122-2
Gogul Balakrishnan, Thomas Reps. Analyzing memory accesses in x86 executables. Compiler Construction (CC), pp. 5–23 (2004). doi:10.1007/978-3-540-24723-4_2
E. Mark Gold. Language identification in the limit. Information and Control, vol. 10, pp. 447–474 (1967). doi:10.1016/S0019-9958(67)91165-5
Patrick Cousot, Radhia Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL '77), pp. 238–252 (1977). doi:10.1145/512950.512973
Eric Filiol. Malware pattern scanning schemes secure against black-box analysis. Journal in Computer Virology, vol. 2, pp. 35–50 (2006). doi:10.1007/S11416-006-0009-X
Serge Chaumette, Olivier Ly, Renaud Tabary. Automated extraction of polymorphic virus signatures using abstract interpretation. Network and System Security (NSS), pp. 41–48 (2011). doi:10.1109/ICNSS.2011.6059958
Johannes Kinder, Stefan Katzenbeisser, Christian Schallhart, Helmut Veith. Detecting malicious code by model checking. Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), pp. 174–187 (2005). doi:10.1007/11506881_11