DocumentCode
3002285
Title
Detection of global, metamorphic malware variants using control and data flow analysis
Author
Agrawal, Himanshu ; Bahler, L. ; Micallef, J. ; Snyder, S. ; Virodov, A.
Author_Institution
Appl. Commun. Sci., Piscataway, NJ, USA
fYear
2012
fDate
Oct. 29 2012-Nov. 1 2012
Firstpage
1
Lastpage
6
Abstract
Current malware detection and classification tools fail to adequately address variants that are generated automatically using new polymorphic and metamorphic transformation engines that can produce variants that bear no resemblance to one another. Current approaches address this problem by employing syntactic signatures that mimic the underlying control structures such as call- and flow-graphs. These techniques, however, are easily defeated using new program diversification techniques. This hampers our ability to defend against zero-day attacks perpetrated by such auto “replicating”, rapidly spreading malware variants. In this paper, we present a new form of abstract malware signature generation that is based on extracting semantic summaries of malware code that is immune to most polymorphic and metamorphic transformations. We also present results of our initial, experimental evaluation of the proposed approach.
Keywords
invasive software; military communication; data flow analysis; diversification techniques; global detection; malware classification tools; malware code; malware detection; metamorphic malware variants; metamorphic transformation engines; metamorphic transformations; polymorphic transformation engines; syntactic signatures; Abstracts; Flow graphs; Libraries; Malware; Matrix converters; Semantics; Transforms; cyber security; malware detection; polymorphic and metamorphic viruses and worms; program analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012
Conference_Location
Orlando, FL
ISSN
2155-7578
Print_ISBN
978-1-4673-1729-0
Type
conf
DOI
10.1109/MILCOM.2012.6415581
Filename
6415581