Skip to Main content Skip to Navigation
Conference papers

A Categorical Treatment of Malicious Behavioral Obfuscation

Romain Péchoux 1 Thanh Dinh Ta 1
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : This paper studies malicious behavioral obfuscation through the use of a new abstract model for process and kernel interactions based on monoidal categories. In this model, program observations are consid-ered to be finite lists of system call invocations. In a first step, we show how malicious behaviors can be obfuscated by simulating the observa-tions of benign programs. In a second step, we show how to generate such malicious behaviors through a technique called path replaying and we extend the class of captured malwares by using some algorithmic transformations on morphisms graphical representation. In a last step, we show that all the obfuscated versions we obtained can be used to detect well-known malwares in practice.
Document type :
Conference papers
Complete list of metadata

Cited literature [15 references]  Display  Hide  Download
Contributor : Romain Péchoux Connect in order to contact the contributor
Submitted on : Tuesday, November 18, 2014 - 1:52:11 PM
Last modification on : Saturday, October 16, 2021 - 11:26:05 AM
Long-term archiving on: : Thursday, February 19, 2015 - 11:41:46 AM


Files produced by the author(s)




Romain Péchoux, Thanh Dinh Ta. A Categorical Treatment of Malicious Behavioral Obfuscation. TAMC 2014, Apr 2014, Chennai, India. pp.280 - 299, ⟨10.1007/978-3-319-06089-7_20⟩. ⟨hal-01084041⟩



Les métriques sont temporairement indisponibles