Abstraction by Term Rewriting for Malware Behavior Analysis - Extended Version





* Corresponding author 1 CARTE - Theoretical adverse computations, and safety Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods

Abstract: We propose a formal approach for behavioral analysis of programs based on dynamic analysis. It works by abstracting execution traces with respect to given behavior patterns in order to produce a high-level representation of a program's behavior, and then by comparing this abstract form to signatures defining reference abstract malicious behaviors. Abstraction is performed by term rewriting using rules on terms with variables, which makes it possible to handle the data used by behavior functionalities. This technique allows us to deal with interleaved behaviors. Successfully applied to malware detection, it allows us in particular to model and detect information leak.

Keywords: malware behavioral detection abstraction trace term rewriting finite state automaton formal language dynamic binary instrumentation temporal logic information leak





Authors: Philippe Beaucamps, Isabelle Gnaedig, Jean-Yves Marion

Source: https://hal.archives-ouvertes.fr/


