• DocumentCode
    3108058
  • Title

    Semantics-aware malware detection

  • Author

    Christodorescu, Mihai ; Jha, Somesh ; Seshia, Sanjit A. ; Song, Dawn ; Bryant, Randal E.

  • Author_Institution
    Wisconsin Univ., Madison, WI, USA
  • fYear
    2005
  • fDate
    8-11 May 2005
  • Firstpage
    32
  • Lastpage
    46
  • Abstract
    A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are susceptible to obfuscations used by hackers. The fundamental deficiency in the pattern-matching approach to malware detection is that it is purely syntactic and ignores the semantics of instructions. In this paper, we present a malware-detection algorithm that addresses this deficiency by incorporating instruction semantics to detect malicious program traits. Experimental evaluation demonstrates that our malware-detection algorithm can detect variants of malware with a relatively low run-time overhead. Moreover our semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.
  • Keywords
    computer crime; invasive software; programming language semantics; hackers; instruction semantics; malicious program traits; malware detector; obfuscation; semantics-aware malware detection; Computer hacking; Computer viruses; Computer worms; Contracts; Cryptography; Detection algorithms; Detectors; Government; Runtime; Viruses (medical);
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy, 2005 IEEE Symposium on
  • ISSN
    1081-6011
  • Print_ISBN
    0-7695-2339-0
  • Type

    conf

  • DOI
    10.1109/SP.2005.20
  • Filename
    1425057