Static analysis of executables to detect malicious patterns

Authors: Mihai Christodorescu, Somesh Jha

DOI: 10.21236/ADA449067

Keywords:

Abstract: Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malicious code writers attempt to obfuscate the malicious code to subvert the malicious code detectors, such as anti-virus software. We tested the resilience of three commercial virus scanners against code-obfuscation attacks. The results were surprising: the three commercial virus scanners could be subverted by very simple obfuscation transformations! We present an architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations. Experimental results demonstrate the efficacy of our prototype tool, SAFE (a static analyzer for executables).
