Title :
A transformation-based model of malware derivation
Author :
Walenstein, A. ; Lakhotia, Arun
Author_Institution :
Sch. of Comput. Sci. & Inf., Univ. of Louisiana at Lafayette, Lafayette, LA, USA
Abstract :
Since most malware is derived from prior code, understanding malware derivation and evolution is essential for many types of malware analysis. However prior models of malware relationships are insufficiently precise or fail to capture important relationships. A framework is proposed that treats both production and evolution uniformly as compositions of code transformations, and distinguishes disjoint but interleaved evolution of production code and malware code. Evolution relations are defined in terms of path patterns on derivation graphs; this generalizes and formalizes the relationship between phylogenies and provenance graphs. The comprehensiveness of the modeling framework is demonstrated using examples from the literature; implications for future work in relationship reconstruction are drawn.
Keywords :
invasive software; malware analysis; malware derivation; malware evolution; malware relationship; phylogeny; provenance graph; transformation-based model; Bioinformatics; Genomics; Malware; Phylogeny; Production; Software; attribution; derivation; evolution; genome; malware; phylogeny; polymorphism; provenance;
Conference_Titel :
Malicious and Unwanted Software (MALWARE), 2012 7th International Conference on
Conference_Location :
Fajardo, PR
Print_ISBN :
978-1-4673-4880-5
DOI :
10.1109/MALWARE.2012.6461003