Behavior Analysis of Malicious Code by Weighted Behavior Abstraction

Philippe Beaucamps 1, Isabelle Gnaedig 1, Jean-Yves Marion 1
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: This work is a weighted generalization of the abstraction-based analysis technique we previously proposed for the detection of high-level malware behaviors. Our approach, using a rewriting-based abstraction mechanism, produces abstracted forms of program traces, independent of the program implementation. The suspicious behaviors to be recognized, defined as combinations of patterns given in a signature, are detected by model-checking on the high-level representation of the program. Introducing weights in this approach allows us to express a pertinence degree of detection when analysis of the program results in an incomplete or uncertain program dataflow, or when abstraction cannot be performed reliably.
Document type:
Report
[Research Report] 2013
Cited literature [15 references]

https://hal.inria.fr/hal-00803412
Contributor: Isabelle Gnaedig
Submitted on: Thursday, 21 March 2013 - 19:39:00
Last modified on: Thursday, 11 January 2018 - 06:21:25
Document(s) archived on: Sunday, 2 April 2017 - 18:26:20

File

pondere-hal.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-00803412, version 1

Citation

Philippe Beaucamps, Isabelle Gnaedig, Jean-Yves Marion. Behavior Analysis of Malicious Code by Weighted Behavior Abstraction. [Research Report] 2013. 〈hal-00803412〉

Metrics

Record views

553

File downloads

142