Title | ||
---|---|---|
MAIL: Malware Analysis Intermediate Language: a step towards automating and optimizing malware detection |
Abstract | ||
---|---|---|
Dynamic binary obfuscation, or metamorphism, is a technique where malware never keeps the same sequence of opcodes in memory. Such malware is very difficult to analyse and detect manually, even with the help of tools. We need to automate the analysis and detection process of such malware. This paper introduces and presents a new language named MAIL (Malware Analysis Intermediate Language) to automate and optimize this process. MAIL also provides portability for building malware analysis and detection tools. Each MAIL statement is assigned a pattern that can be used to annotate a control flow graph for pattern matching to analyse and detect metamorphic malware. Experimental evaluation of the proposed approach using an existing dataset yields a malware detection rate of 93.92% and a false positive rate of 3.02%. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1145/2523514.2527006 | SIN |
Keywords | Field | DocType |
malware analysis intermediate language, malware detection, mail statement, malware analysis, metamorphic malware, detection rate, control flow graph, detection process, false positive rate, detection tool, dynamic binary obfuscation | Cryptovirology, Opcode, Control flow graph, Computer science, Computer security, Software portability, Malware, Obfuscation, Pattern matching, Malware analysis | Conference |
Citations | PageRank | References |
11 | 0.55 | 21 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Shahid Alam | 1 | 16 | 1.64 |
R. Nigel Horspool | 2 | 643 | 115.14 |
Issa Traore | 3 | 306 | 32.31 |