Behavior-Based Malware Detection

Malware (such as viruses, worms, and spyware) poses a significant threat to our computing infrastructure. There is a pressing need for techniques for malware analysis and detection that are fast, accurate, and mostly automatic.

In this project, we are investigating techniques for behavior-based malware detection: our algorithm focuses on detecting malicious behavior rather than searching for syntactic patterns. We specify malicious behavior in a formal language and then perform static and dynamic analyses on the code to determine whether it contains the specified behavior.

This is a collaborative project, with the work in our group at UC Berkeley focussed on the computational engines (such as SAT-based decision procedures) for malware analysis and detection.

People

Mihai Christodorescu (U. Wisconsin - Madison)
Susmit Jha
Somesh Jha (U. Wisconsin - Madison)
Sanjit A. Seshia
Dawn Song

Publications

Deciding Bit-Vector Arithmetic with Abstraction
Randal E. Bryant, Daniel Kroening, Joel Ouaknine, Sanjit A. Seshia, Ofer Strichman, and Bryan Brady.
In 13th Intl. Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), March 2007.

Semantics-Aware Malware Detection
Mihai Christodorescu, Somesh Jha, Sanjit A. Seshia, Dawn Song, and Randal E. Bryant.
IEEE Symposium on Security and Privacy, Oakland, May 2005, pages 32-46.

Support

This project receives generous support from the National Science Foundation (NSF CyberTrust grant CNS-0627734), Microsoft Research, and an equipment grant from Intel.

Sanjit A. Seshia, last updated August 2007.