Semantics-Aware Malware Detection

Mihai Christodorescu, Somesh Jha, Sanjit A. Seshia, Dawn Song, and Randal E. Bryant. Semantics-Aware Malware Detection. In Proc. IEEE Symposium on Security and Privacy, pp. 32–46, May 2005.

Abstract

A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are susceptible to obfuscations used by hackers. The fundamental deficiency in the pattern-matching approach to malware detection is that it is purely syntactic and ignores the semantics of instructions. In this paper, we present a malware-detection algorithm that addresses this deficiency by incorporating instruction semantics to detect malicious program traits. Experimental evaluation demonstrates that our malware-detection algorithm can detect variants of malware with a relatively low run-time overhead. Moreover, our semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.

BibTeX

@inproceedings{christodorescu-oakland05,
  author    = {Mihai Christodorescu and Somesh Jha and Sanjit A. Seshia and Dawn Song and Randal E. Bryant},
  title     = {Semantics-Aware Malware Detection},
  booktitle = {Proc. IEEE Symposium on Security and Privacy},
  month     = {May},
  year      = {2005},
  pages     = {32--46},
  abstract  = {A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are susceptible to obfuscations used by hackers. The fundamental deficiency in the pattern-matching approach to malware detection is that it is purely syntactic and ignores the semantics of instructions. In this paper, we present a malware-detection algorithm that addresses this deficiency by incorporating instruction semantics to detect malicious program traits. Experimental evaluation demonstrates that our malware-detection algorithm can detect variants of malware with a relatively low run-time overhead. Moreover, our semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.},
}

Generated by bib2html.pl (written by Patrick Riley) on Thu Aug 26, 2010 14:53:28