• DocumentCode
    595558
  • Title

    A transformation-based model of malware derivation

  • Author

    Walenstein, A. ; Lakhotia, Arun

  • Author_Institution
    Sch. of Comput. Sci. & Inf., Univ. of Louisiana at Lafayette, Lafayette, LA, USA
  • fYear
    2012
  • fDate
    16-18 Oct. 2012
  • Firstpage
    17
  • Lastpage
    25
  • Abstract
    Since most malware is derived from prior code, understanding malware derivation and evolution is essential for many types of malware analysis. However, prior models of malware relationships are insufficiently precise or fail to capture important relationships. A framework is proposed that treats both production and evolution uniformly as compositions of code transformations, and distinguishes disjoint but interleaved evolution of production code and malware code. Evolution relations are defined in terms of path patterns on derivation graphs; this generalizes and formalizes the relationship between phylogenies and provenance graphs. The comprehensiveness of the modeling framework is demonstrated using examples from the literature; implications for future work in relationship reconstruction are drawn.
  • Keywords
    invasive software; malware analysis; malware derivation; malware evolution; malware relationship; phylogeny; provenance graph; transformation-based model; Bioinformatics; Genomics; Malware; Phylogeny; Production; Software; attribution; derivation; evolution; genome; malware; phylogeny; polymorphism; provenance;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Malicious and Unwanted Software (MALWARE), 2012 7th International Conference on
  • Conference_Location
    Fajardo, PR
  • Print_ISBN
    978-1-4673-4880-5
  • Type

    conf

  • DOI
    10.1109/MALWARE.2012.6461003
  • Filename
    6461003