DocumentCode :
479887
Title :
Formal Abstraction of Semantics for Detecting Malicious Code
Author :
Zhang, Jingbo ; Zhao, Rongcai ; Pang, Jianmin ; Fu, Wen
Author_Institution :
Nat. Digital Switching Syst. Eng. & Technol. Res. Center, Zhengzhou
Volume :
2
fYear :
2008
fDate :
12-14 Dec. 2008
Firstpage :
350
Lastpage :
353
Abstract :
Semantics-based malware detection is a considerable technique for finding semantically equivalent malicious code with different layouts. This paper presents an abstraction of instructions from a lower-level program form to an intermediate representation which describes the program semantics. This abstraction depends on decompilation technology. We detect malicious code based on patterns, which are obtained from previous experience of malware analysis and built on top of the abstraction above. Finally, we evaluate our method informally, and the result shows that our method is more resilient in detecting obfuscated malicious code transformed by several obfuscation policies.
Keywords :
invasive software; program diagnostics; programming language semantics; lower-level program; malicious code detection; malware analysis; program semantics; semantics formal abstraction; semantics-based malware detection; Cities and towns; Computer science; Computer security; Information security; Pattern analysis; Protection; Software design; Software engineering; Switching systems; Systems engineering and theory;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Science and Software Engineering, 2008 International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-0-7695-3336-0
Type :
conf
DOI :
10.1109/CSSE.2008.990
Filename :
4722068
Link To Document :