A semantics-based approach to malware detection-Reference-Cited by-同舟云学术

A semantics-based approach to malware detection

Published:2008-08 Issue:5 Volume:30 Page:1-54
ISSN:0164-0925
Container-title:ACM Transactions on Programming Languages and Systems
language:en
Short-container-title:ACM Trans. Program. Lang. Syst.

Author:

Preda Mila Dalla¹,Christodorescu Mihai²,Jha Somesh²,Debray Saumya³

Affiliation:

1. University of Verona

2. University of Wisconsin, Madison

3. University of Arizona, Tucson

Abstract

Malware detection is a crucial aspect of software security. Current malware detectors work by checking for signatures , which attempt to capture the syntactic characteristics of the machine-level byte sequence of the malware. This reliance on a syntactic approach makes current detectors vulnerable to code obfuscations, increasingly used by malware writers, that alter the syntactic properties of the malware byte sequence without significantly affecting their execution behavior. This paper takes the position that the key to malware identification lies in their semantics. It proposes a semantics-based framework for reasoning about malware detectors and proving properties such as soundness and completeness of these detectors. Our approach uses a trace semantics to characterize the behavior of malware as well as that of the program being checked for infection, and uses abstract interpretation to “hide” irrelevant aspects of these behaviors. As a concrete application of our approach, we show that (1) standard signature matching detection schemes are generally sound but not complete, (2) the semantics-aware malware detector proposed by Christodorescu et al. is complete with respect to a number of common obfuscations used by malware writers and (3) the malware detection scheme proposed by Kinder et al. and based on standard model-checking techniques is sound in general and complete on some, but not all, obfuscations handled by the semantics-aware malware detector.

Funder

Division of Computer and Network Systems

National Science Foundation

Publisher

Association for Computing Machinery (ACM)

Subject

Software

Link

https://dl.acm.org/doi/pdf/10.1145/1387673.1387674

Reference49 articles.

1. Lecture Notes in Computer Science;Adleman L. M.

2. Briesemeister L. Porras P. A. and Tiwari A. 2005. Model checking of worm quarantine and counter-quarantine under a group defense. Tech. rep. SRI-CSL-05-03 Computer Science Laboratory. SRI International. Briesemeister L. Porras P. A. and Tiwari A. 2005. Model checking of worm quarantine and counter-quarantine under a group defense. Tech. rep. SRI-CSL-05-03 Computer Science Laboratory. SRI International.

Cited by 36 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Review Study of the Impact of Artificial Intelligence on Cyber Security;2023 International Conference on IT Innovation and Knowledge Discovery (ITIKD);2023-03-08

2. A Study of Crypto-ransomware Using Detection Techniques for Defense Research;Third Congress on Intelligent Systems;2023

3. Detect Compiler Inserted Run-time Security Checks in Binary Software;Information Security Practice and Experience;2022

4. A comprehensive survey of tools and techniques mitigating computer and mobile malware attacks;Computers & Electrical Engineering;2021-06

5. Getting Ahead of the Arms Race: Hothousing the Coevolution of VirusTotal with a Packer;Entropy;2021-03-26