• DocumentCode
    2027387
  • Title

    Automated extraction of polymorphic virus signatures using abstract interpretation

  • Author

    Chaumette, Serge ; Ly, Olivier ; Tabary, Renaud

  • Author_Institution
    Lab. Bordelais de Rech. en Inf., Univ. of Bordeaux, Bordeaux, France
  • fYear
    2011
  • fDate
    6-8 Sept. 2011
  • Firstpage
    41
  • Lastpage
    48
  • Abstract
    In this paper, we present a novel approach to detection and signature extraction for a subclass of polymorphic computer viruses. Our detection scheme offers 0 false negatives and a very low false-positive detection rate. We use context-free grammars as viral signatures, and design a process able to extract this signature from a single sample of a virus. Signature extraction is achieved through a light manual information gathering process, followed by an automatic static analysis of the binary code of the virus mutation engine.
  • Keywords
    computer viruses; context-free grammars; abstract interpretation; automatic static analysis; binary code; context-free grammars; light manual information gathering process; polymorphic computer virus signature automated extraction; viral signatures; virus mutation engine; Engines; Grammar; Malware; Manuals; Registers; Semantics; Viruses (medical); abstract interpretation; binary program analysis; virus detection; virus signatures extraction;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Network and System Security (NSS), 2011 5th International Conference on
  • Conference_Location
    Milan
  • Print_ISBN
    978-1-4577-0458-1
  • Type

    conf

  • DOI
    10.1109/ICNSS.2011.6059958
  • Filename
    6059958