مرکز منطقه ای اطلاع رساني علوم و فناوري - Automated extraction of polymorphic virus signatures using abstract interpretation

DocumentCode :

2027387

Title :

Automated extraction of polymorphic virus signatures using abstract interpretation

Author :

Chaumette, Serge ; Ly, Olivier ; Tabary, Renaud

Author_Institution :

Lab. Bordelais de Rech. en Inf., Univ. of Bordeaux, Bordeaux, France

fYear :

2011

fDate :

6-8 Sept. 2011

Firstpage :

Lastpage :

Abstract :

In this paper, we present a novel approach for the detection and signature extraction for a subclass of polymorphic computer viruses. Our detection scheme offers 0 false negative and a very low false positives detection rate. We use context-free grammars as viral signatures, and design a process able to extract this signature from a single sample of a virus. Signature extraction is achieved through a light manual information gathering process, followed by an automatic static analysis of the binary code of the virus mutation engine.

Keywords :

computer viruses; context-free grammars; abstract interpretation; automatic static analysis; binary code; context-free grammars; light manual information gathering process; polymorphic computer virus signature automated extraction; viral signatures; virus mutation engine; Engines; Grammar; Malware; Manuals; Registers; Semantics; Viruses (medical); abstract interpretation; binary program analysis; virus detection; virus signatures extraction;

fLanguage :

English

Publisher :

ieee

Conference_Titel :

Network and System Security (NSS), 2011 5th International Conference on

Conference_Location :

Milan

Print_ISBN :

978-1-4577-0458-1

Type :

conf

DOI :

10.1109/ICNSS.2011.6059958

Filename :

6059958

Link To Document :

https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2027387