Abstraction-based Malware Analysis Using Rewriting and Model Checking

Philippe Beaucamps 1 Isabelle Gnaedig 1, * Jean-Yves Marion 1
* Corresponding author
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: We propose a formal approach for the detection of high-level malware behaviors. Our technique uses a rewriting-based abstraction mechanism, producing abstracted forms of program traces, independent of the program implementation. It then allows us to handle similar behaviors in a generic way and thus to be robust with respect to variants. These behaviors, defined as combinations of patterns given in a signature, are detected by model-checking on the high-level representation of the program. We work on unbounded sets of traces, which makes our technique useful not only for dynamic analysis, considering one trace at a time, but also for static analysis, considering a set of traces inferred from a control flow graph. Abstracting traces with rewriting systems on first order terms with variables allows us in particular to model dataflow and to detect information leak.
Document type:
Conference paper
Sara Foresti, Moti Yung and Fabio Martinelli (eds.). ESORICS - 17th European Symposium on Research in Computer Security - 2012, Sep 2012, Pisa, Italy. Springer, 7459, pp.806-823, 2012, Lecture Notes in Computer Science. 〈10.1007/978-3-642-33167-1〉

Cited literature: 25 references

https://hal.inria.fr/hal-00762252
Contributor: Isabelle Gnaedig
Submitted on: Monday 10 December 2012 - 16:36:26
Last modified on: Thursday 11 January 2018 - 06:21:25
Long-term archiving on: Monday 11 March 2013 - 11:25:35

File

esorics-definitif.pdf
Files produced by the author(s)

Citation

Philippe Beaucamps, Isabelle Gnaedig, Jean-Yves Marion. Abstraction-based Malware Analysis Using Rewriting and Model Checking. Sara Foresti, Moti Yung and Fabio Martinelli (eds.). ESORICS - 17th European Symposium on Research in Computer Security - 2012, Sep 2012, Pisa, Italy. Springer, 7459, pp.806-823, 2012, Lecture Notes in Computer Science. 〈10.1007/978-3-642-33167-1〉. 〈hal-00762252〉

Metrics

Record views: 324

File downloads: 712