Efficient Malware Detection Using Model-Checking
作者: Fu Song , Tayssir Touili
DOI: 10.1007/978-3-642-32759-9_34
关键词:
摘要: Over the past decade, malware costs more than $10 billion every year and cost is still increasing. Classical signature-based emulation-based methods are becoming insufficient, since writers can easily obfuscate existing such that new variants cannot be detected by these methods. Thus, it important to have robust techniques for detection. In our previous work [24], we proposed use model-checking identify malware. We used pushdown systems (PDSs) model program (this allows keep track of program’s stack behavior), defined SCTPL logic specify malicious behaviors, where seen as an extension branching-time temporal CTL with variables, quantifiers, predicates over stack. Malware detection was then reduced PDSs. However, in way behaviors not very precise. Indeed, names registers memory locations instead their values. show this how sidestep limitation precise formulas consider values Moreover, make procedure efficient, propose abstraction reduces drastically size model, preserves all SCTPL∖X formulas, a fragment sufficient precisely characterize specifications. implemented tool applied automatically detect several malwares. The experimental results encouraging.
springer.com
sci-hub.st 参考文章(19)
N. Tawbi, M. Debbabi, J. Desharnais, Y. Lavoie, J. Bergeron, M. M. Erhioui, Static Detection of Malicious Code in Executable Programs ,(2000)
Javier Esparza, Stefan Schwoon, A BDD-Based Model Checker for Recursive Programs computer aided verification. pp. 324- 336 ,(2001) , 10.1007/3-540-44585-4_30
Johannes Kinder, Helmut Veith, Jakstab: A Static Analysis Platform for Binaries computer aided verification. pp. 423- 427 ,(2008) , 10.1007/978-3-540-70545-1_40
Mihai Christodorescu, Somesh Jha, Static analysis of executables to detect malicious patterns usenix security symposium. pp. 12- 12 ,(2003) , 10.21236/ADA449067
Rajeev Alur, Kousha Etessami, P. Madhusudan, A Temporal Logic of Nested Calls and Returns tools and algorithms for construction and analysis of systems. ,vol. 2988, pp. 467- 481 ,(2004) , 10.1007/978-3-540-24730-2_35
Wing Wong, Suneuy Kim, Sami Khuri, ANALYSIS AND DETECTION OF METAMORPHIC COMPUTER VIRUSES ,(2006)
Andreas Holzer, Johannes Kinder, Helmut Veith, Using verification technology to specify and detect malware computer aided systems theory. pp. 497- 504 ,(2007) , 10.1007/978-3-540-75867-9_63
G. Balakrishnan, T. Reps, N. Kidd, A. Lal, J. Lim, D. Melski, R. Gruian, S. Yong, C. -H. Chen, T. Teitelbaum, Model Checking x86 Executables with CodeSurfer/x86 and WPDS++ Computer Aided Verification. pp. 158- 163 ,(2005) , 10.1007/11513988_17
Guillaume Bonfante, Matthieu Kaczmarek, Jean-Yves Marion, Architecture of a Morphological Malware Detector Journal in Computer Virology. ,vol. 5, pp. 263- 270 ,(2009) , 10.1007/S11416-008-0102-4
Arun Lakhotia, Davidson R. Boccardo, Anshuman Singh, Aleardo Manacero, Context-sensitive analysis of obfuscated x86 executables Proceedings of the ACM SIGPLAN 2010 workshop on Partial evaluation and program manipulation - PEPM '10. pp. 131- 140 ,(2010) , 10.1145/1706356.1706381