MAIL: Malware Analysis Intermediate Language: a step towards automating and optimizing malware detection - Citegraph

Paper Info

Title
MAIL: Malware Analysis Intermediate Language: a step towards automating and optimizing malware detection

Abstract
Dynamic binary obfuscation or metamorphism is a technique where a malware never keeps the same sequence of opcodes in the memory. Such malware are very difficult to analyse and detect manually even with the help of tools. We need to automate the analysis and detection process of such malware. This paper introduces and presents a new language named MAIL (Malware Analysis Intermediate Language) to automate and optimize this process. MAIL also provides portability for building malware analysis and detection tools. Each MAIL statement is assigned a pattern that can be used to annotate a control flow graph for pattern matching to analyse and detect metamorphic malware. Experimental evaluation of the proposed approach using an existing dataset yields malware detection rate of 93.92% and false positive rate of 3.02%.

Year	DOI	Venue
2013	10.1145/2523514.2527006	SIN
Keywords	Field	DocType
malware analysis intermediate language,malware detection,mail statement,malware analysis,metamorphic malware,detection rate,control flow graph,detection process,false positive rate,detection tool,dynamic binary obfuscation	Cryptovirology,Opcode,Control flow graph,Computer science,Computer security,Software portability,Malware,Obfuscation,Pattern matching,Malware analysis	Conference
Citations	PageRank	References
11	0.55	21
Authors
3

Authors (3 rows)

Cited by (11 rows)

References (21 rows)

Name	Order	Citations	PageRank
Shahid Alam	1	16	1.64
R. Nigel Horspool	2	643	115.14
Issa Traore	3	306	32.31

1