Affiliation: CARTE (Theoretical adverse computations, and safety), Inria Nancy - Grand Est; LORIA - FM - Department of Formal Methods. * Corresponding author.

Abstract: We present an approach for proactive malware detection that works on an abstract representation of a program's behavior. Our technique consists of abstracting program traces by rewriting given subtraces into abstract symbols representing their functionality. Traces are captured dynamically by code instrumentation in order to handle packed or self-modifying malware. Suspicious behaviors are detected by comparing trace abstractions to reference malicious behaviors. The expressive power of abstraction allows us to handle general suspicious behaviors rather than specific malware code, and thus to detect malware mutations. We present and discuss an implementation validating our approach.
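The pipeline the abstract describes (rewrite subtraces into abstract symbols, then compare the abstract trace against reference behaviors) is illustrated below by an added example that is not the authors' implementation. It assumes a hypothetical event format (dicts with an `op` field plus arguments and a return value), hypothetical API names such as `file_open`, `net_recv`, `file_write` and `proc_create`, and constructed sample traces; the rewriting rules bind data-flow variables (`$h`, `$b`, `$p`) inside a subtrace and tolerate a bounded number of interleaved unrelated events, which is what lets a mutated variant with junk calls still abstract to the same symbols.

```python
import re
from dataclasses import dataclass

# Hypothetical trace format (constructed for this example): each event is a
# dict holding the operation name under "op" plus its arguments / return value.


@dataclass(frozen=True)
class Rule:
    """Rewrites a (possibly interleaved) subtrace into one abstract symbol."""
    symbol: str
    pattern: tuple  # sequence of (op, {arg: literal or "$variable"})


def _match_event(ev, op, constraints, env):
    """Match one event against one pattern element.

    Returns an extended copy of env on success (so a failed candidate never
    leaves stale variable bindings behind), or None on failure.
    """
    if ev.get("op") != op:
        return None
    trial = dict(env)
    for key, want in constraints.items():
        if key not in ev:
            return None
        if isinstance(want, str) and want.startswith("$"):
            # Data-flow variable: bind on first use, require equality afterwards.
            if trial.get(want, ev[key]) != ev[key]:
                return None
            trial[want] = ev[key]
        elif ev[key] != want:
            return None
    return trial


def _match_rule(trace, start, rule, consumed, max_gap):
    """Match rule with its first element fixed at trace[start]; each later
    element may be separated from the previous one by up to max_gap unrelated
    events. Returns the list of matched indexes, or None."""
    env, matched, pos = {}, [], start
    for n, (op, constraints) in enumerate(rule.pattern):
        end = pos + 1 if n == 0 else min(len(trace), pos + max_gap + 1)
        for j in range(pos, end):
            if j in consumed:
                continue
            new_env = _match_event(trace[j], op, constraints, env)
            if new_env is not None:
                env, pos = new_env, j + 1
                matched.append(j)
                break
        else:
            return None
    return matched


def abstract_trace(trace, rules, max_gap=3):
    """Rewrite a concrete trace into its sequence of abstract symbols.
    Events matched by a rule are consumed; events matching no rule are dropped."""
    consumed, symbols = set(), []
    for i in range(len(trace)):
        if i in consumed:
            continue
        for rule in rules:
            matched = _match_rule(trace, i, rule, consumed, max_gap)
            if matched is not None:
                consumed.update(matched)
                symbols.append(rule.symbol)
                break
    return symbols


# Hypothetical abstraction rules (constructed): data flow is tracked within a
# rule only; cross-rule flow (e.g. the dropped path being the executed one)
# is not checked in this toy version.
RULES = (
    Rule("DOWNLOAD_TO_FILE", (
        ("file_open", {"path": "$p", "ret": "$h"}),
        ("net_recv", {"buf": "$b"}),
        ("file_write", {"handle": "$h", "buf": "$b"}),  # same handle, same buffer
    )),
    Rule("SET_AUTORUN", (
        ("reg_set", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"}),
    )),
    Rule("EXEC_FILE", (("proc_create", {"image": "$p"}),)),
)

# Reference behaviors as regular languages over the abstract alphabet; the
# symbol list is joined with spaces so a plain regex acts as the automaton.
REFERENCES = {
    "drop-and-execute": re.compile(r"\bDOWNLOAD_TO_FILE\b(?:\s\S+)*\sEXEC_FILE\b"),
    "persist-on-boot": re.compile(r"\bDOWNLOAD_TO_FILE\b(?:\s\S+)*\sSET_AUTORUN\b"),
}


def detect(symbols, references=REFERENCES):
    """Names of reference behaviors recognised in an abstract trace."""
    text = " ".join(symbols)
    return sorted(name for name, rx in references.items() if rx.search(text))


# Constructed sample traces (not captured from any real program).
DROPPER_TRACE = [
    {"op": "reg_query", "key": r"HKCU\Software\Example"},        # unrelated noise
    {"op": "file_open", "path": r"C:\tmp\a.exe", "ret": "h1"},
    {"op": "net_recv", "sock": "s1", "buf": "b1"},
    {"op": "file_write", "handle": "h1", "buf": "b1"},
    {"op": "file_close", "handle": "h1"},
    {"op": "proc_create", "image": r"C:\tmp\a.exe"},
]
MUTATED_TRACE = [                                                # junk calls interleaved
    {"op": "file_open", "path": r"C:\tmp\a.exe", "ret": "h1"},
    {"op": "reg_query", "key": r"HKCU\Software\Example"},
    {"op": "net_recv", "sock": "s1", "buf": "b1"},
    {"op": "sleep", "ms": 10},
    {"op": "file_write", "handle": "h1", "buf": "b1"},
    {"op": "file_close", "handle": "h1"},
    {"op": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": r"C:\tmp\a.exe"},
    {"op": "proc_create", "image": r"C:\tmp\a.exe"},
]
BENIGN_TRACE = [                                                 # local write, no network data
    {"op": "file_open", "path": r"C:\doc\notes.txt", "ret": "h2"},
    {"op": "file_write", "handle": "h2", "buf": "b9"},
    {"op": "file_close", "handle": "h2"},
    {"op": "proc_create", "image": r"C:\Windows\notepad.exe"},
]


def run_demo():
    traces = {"dropper": DROPPER_TRACE, "mutated": MUTATED_TRACE, "benign": BENIGN_TRACE}
    return {name: detect(abstract_trace(t, RULES)) for name, t in traces.items()}


if __name__ == "__main__":
    for name, hits in run_demo().items():
        print(f"{name}: {hits or 'no suspicious behavior'}")
```

The `max_gap` bound is the knob that trades mutation tolerance against false positives: a larger window lets more junk calls be skipped, but also lets unrelated operations be stitched into one abstract symbol, so in practice the data-flow variables (same handle, same buffer) rather than proximity should carry most of the precision.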

Keywords: malware, behavioral detection, abstraction, trace rewriting, finite state automaton, formal language, dynamic binary instrumentation

Authors: Philippe Beaucamps, Isabelle Gnaedig, Jean-Yves Marion
