Static analyzer of vicious executables (SAVE)

Authors: A.H. Sung, J. Xu, P. Chavez, S. Mukkamala

DOI: 10.1109/CSAC.2004.37

Abstract: Software security assurance and malware (Trojans, worms, viruses, etc.) detection are important topics of information security. Software obfuscation, a general technique that is useful for protecting software from reverse engineering, can also be used by hackers to circumvent the malware detection tools. Current static malware detection techniques have serious limitations, and sandbox testing also fails to provide a complete solution due to time constraints. In this paper, we present a robust signature-based malware detection technique, with emphasis on detecting obfuscated (or polymorphic) malware and mutated (or metamorphic) malware. The hypothesis is that all versions of the same malware share a common core signature that is a combination of several features of the code. After a particular malware has been first identified, it can be analyzed to extract the signature, which provides a basis for detecting variants and mutants of the same malware in the future. Encouraging experimental results on a large set of recent malware are presented.
