LTL model-checking for malware detection
作者: Fu Song , Tayssir Touili
DOI: 10.1007/978-3-642-36742-7_29
关键词:
摘要: Nowadays, malware has become a critical security threat. Traditional anti-viruses such as signature-based techniques and code emulation insufficient easy to get around. Thus, it is important have efficient robust detectors. In [20,19], CTL model-checking for PushDown Systems (PDSs) was shown be technique detection. However, the approach of [20,19] lacks precision runs out memory in several cases. this work, we show that specifications could expressed more precise manner using LTL instead CTL. Moreover, can express malicious behaviors cannot since PDSs polynomial size while exponential, propose use Our consists of: (1) Modeling binary program PDS. This allows track program's stack (needed detection). (2) Introducing new logic (SLTPL) specify behaviors. SLTPL an extension with variables, quantifiers, predicates over stack. (3) Reducing detection problem PDSs. We reduce model checking emptiness Symbolic Buchi implemented our tool, applied detect viruses. results are encouraging.
springer.com
acm.org 
sci-hub.st 参考文章(32)
Fu Song, Tayssir Touili, Efficient Malware Detection Using Model-Checking formal methods. pp. 418- 433 ,(2012) , 10.1007/978-3-642-32759-9_34
Philippe Beaucamps, Isabelle Gnaedig, Jean-Yves Marion, Abstraction-Based Malware Analysis Using Rewriting and Model Checking Computer Security – ESORICS 2012. ,vol. 7459, pp. 806- 823 ,(2012) , 10.1007/978-3-642-33167-1_46
Time for Verification Lecture Notes in Computer Science. ,vol. 6200, ,(2010) , 10.1007/978-3-642-13754-9
N. Tawbi, M. Debbabi, J. Desharnais, Y. Lavoie, J. Bergeron, M. M. Erhioui, Static Detection of Malicious Code in Executable Programs ,(2000)
M Zakharyaschev, F Wolter, Ian Hodkinson, S Bauer, Monodic fragments of first-order temporal logics ,(2004)
Fang Wang, Sofiène Tahar, Otmane Ait Mohamed, First-Order LTL Model Checking Using MDGs automated technology for verification and analysis. pp. 441- 455 ,(2004) , 10.1007/978-3-540-30476-0_36
Maxime Crochemore, Costas Iliopoulos, Marcin Kubica, Jakub Radoszewski, Wojciech Rytter, Tomasz Waleń, On the Maximal Number of Cubic Runs in a String Language and Automata Theory and Applications. ,vol. 6031, pp. 227- 238 ,(2010) , 10.1007/978-3-642-13089-2_19
Javier Esparza, Stefan Schwoon, A BDD-Based Model Checker for Recursive Programs computer aided verification. pp. 324- 336 ,(2001) , 10.1007/3-540-44585-4_30
Mihai Christodorescu, Somesh Jha, Static analysis of executables to detect malicious patterns usenix security symposium. pp. 12- 12 ,(2003) , 10.21236/ADA449067
Rajeev Alur, Kousha Etessami, P. Madhusudan, A Temporal Logic of Nested Calls and Returns tools and algorithms for construction and analysis of systems. ,vol. 2988, pp. 467- 481 ,(2004) , 10.1007/978-3-540-24730-2_35