Abstraction-based malware analysis using rewriting and model checking

15 citations, 52 Mendeley readers

Abstract

We propose a formal approach for the detection of high-level malware behaviors. Our technique uses a rewriting-based abstraction mechanism, producing abstracted forms of program traces, independent of the program implementation. It then allows us to handle similar behaviors in a generic way and thus to be robust with respect to variants. These behaviors, defined as combinations of patterns given in a signature, are detected by model-checking on the high-level representation of the program. We work on unbounded sets of traces, which makes our technique useful not only for dynamic analysis, considering one trace at a time, but also for static analysis, considering a set of traces inferred from a control flow graph. Abstracting traces with rewriting systems on first order terms with variables allows us in particular to model dataflow and to detect information leak. © 2012 Springer-Verlag.

Citation (APA)

Beaucamps, P., Gnaedig, I., & Marion, J. Y. (2012). Abstraction-based malware analysis using rewriting and model checking. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7459 LNCS, pp. 806–823). https://doi.org/10.1007/978-3-642-33167-1_46
