Abstract |
---|
A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are susceptible to obfuscations used by hackers. The fundamental deficiency in the pattern-matching approach to malware detection is that it is purely syntactic and ignores the semantics of instructions. In this paper, we present a malware-detection algorithm that addresses this deficiency by incorporating instruction semantics to detect malicious program traits. Experimental evaluation demonstrates that our malware-detection algorithm can detect variants of malware with a relatively low run-time overhead. Moreover, our semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers. |

Year | DOI | Venue |
---|---|---|
2005 | 10.1109/SP.2005.20 | IEEE Symposium on Security and Privacy |

Keywords | Field | DocType |
---|---|---|
semantics-aware malware detection, commercial virus scanner, malicious intent, malicious program trait, instruction semantics, semantics-aware malware detection algorithm, malware detector, pattern-matching approach, fundamental deficiency, malware writer, malware-detection algorithm, computer viruses, hackers, computer worms, government, obfuscation, cryptography, detectors | Cryptovirology, Computer security, Cryptography, Computer science, Computer virus, Computer worm, Hacker, Obfuscation, Malware, Cyber-collection | Conference |

ISSN | ISBN | Citations |
---|---|---|
1081-6011 | 0-7695-2339-0 | 205 |

PageRank | References | Authors |
---|---|---|
25.01 | 20 | 5 |

Name | Order | Citations | PageRank |
---|---|---|---|
Mihai Christodorescu | 1 | 1163 | 85.97 |
S. Jha | 2 | 7921 | 539.19 |
Sanjit A. Seshia | 3 | 2226 | 168.09 |
Dawn Song | 4 | 7084 | 442.36 |
Randal E. Bryant | 5 | 9204 | 1194.64 |