Skip to Main content Skip to Navigation
Conference papers

A Categorical Treatment of Malicious Behavioral Obfuscation

Romain Péchoux 1 Thanh Dinh Ta 1
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : This paper studies malicious behavioral obfuscation through the use of a new abstract model for process and kernel interactions based on monoidal categories. In this model, program observations are consid-ered to be finite lists of system call invocations. In a first step, we show how malicious behaviors can be obfuscated by simulating the observa-tions of benign programs. In a second step, we show how to generate such malicious behaviors through a technique called path replaying and we extend the class of captured malwares by using some algorithmic transformations on morphisms graphical representation. In a last step, we show that all the obfuscated versions we obtained can be used to detect well-known malwares in practice.
Document type :
Conference papers
Complete list of metadatas

Cited literature [15 references]  Display  Hide  Download

https://hal.inria.fr/hal-01084041
Contributor : Romain Péchoux <>
Submitted on : Tuesday, November 18, 2014 - 1:52:11 PM
Last modification on : Tuesday, December 18, 2018 - 4:48:02 PM
Long-term archiving on: : Thursday, February 19, 2015 - 11:41:46 AM

File

paper48-Ta-Pechoux.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Romain Péchoux, Thanh Dinh Ta. A Categorical Treatment of Malicious Behavioral Obfuscation. TAMC 2014, Apr 2014, Chennai, India. pp.280 - 299, ⟨10.1007/978-3-319-06089-7_20⟩. ⟨hal-01084041⟩

Share

Metrics

Record views

197

Files downloads

423