Behavior Analysis of Malicious Code by Weighted Behavior Abstraction

Philippe Beaucamps 1, Isabelle Gnaedig 1, Jean-Yves Marion 1
1 CARTE - Theoretical adverse computations, and safety
LORIA - FM - Department of Formal Methods, Inria Nancy - Grand Est
Abstract: This work is a weighted generalization of the abstraction-based analysis technique we previously proposed for the detection of high-level malware behaviors. Our approach, using a rewriting-based abstraction mechanism, produces abstracted forms of program traces, independent of the program implementation. The suspicious behaviors to be recognized, defined as combinations of patterns given in a signature, are detected by model-checking on the high-level representation of the program. Introducing weights in this approach allows us to express a pertinence degree of detection when analysis of the program results in an incomplete or uncertain program dataflow, or when abstraction cannot be performed reliably.
Document type: Reports

Cited literature: 15 references

https://hal.inria.fr/hal-00803412
Contributor: Isabelle Gnaedig
Submitted on: Thursday, March 21, 2013 - 7:39:00 PM
Last modification on: Saturday, October 16, 2021 - 11:26:05 AM
Long-term archiving on: Sunday, April 2, 2017 - 6:26:20 PM

File

pondere-hal.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-00803412, version 1

Citation

Philippe Beaucamps, Isabelle Gnaedig, Jean-Yves Marion. Behavior Analysis of Malicious Code by Weighted Behavior Abstraction. [Research Report] 2013. ⟨hal-00803412⟩
