Behavior Analysis of Malicious Code by Weighted Behavior Abstraction - Inria - Institut national de recherche en sciences et technologies du numérique
Report (Research Report) Year: 2013

Behavior Analysis of Malicious Code by Weighted Behavior Abstraction

Abstract

This work is a weighted generalization of the abstraction-based analysis technique we previously proposed for the detection of high-level malware behaviors. Our approach, using a rewriting-based abstraction mechanism, produces abstracted forms of program traces, independent of the program implementation. The suspicious behaviors to be recognized, defined as combinations of patterns given in a signature, are detected by model-checking on the high-level representation of the program. Introducing weights in this approach allows us to express a pertinence degree of detection when analysis of the program results in an incomplete or uncertain program dataflow, or when abstraction cannot be performed reliably.
Origin: Files produced by the author(s)

Dates and versions

hal-00803412, version 1 (21-03-2013)

Identifiers

  • HAL Id: hal-00803412, version 1

Cite

Philippe Beaucamps, Isabelle Gnaedig, Jean-Yves Marion. Behavior Analysis of Malicious Code by Weighted Behavior Abstraction. [Research Report] 2013. ⟨hal-00803412⟩