Skip to Main content Skip to Navigation
New interface
Conference papers

Malware Message Classification by Dynamic Analysis

Guillaume Bonfante 1 Jean-Yves Marion 1 Thanh Dinh Ta 1 
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : The fact that new malware appear every day demands a strong response from anti-malware forces. For that sake, an analysis of new samples must be performed. Usually, one tries to replay the behavior of malware in a safe environment. However, some samples activate a malicious function only if they receive some particular inputs from its command and control server. The problem is then to get some grasp on the interactions between the malware and its environment. For that sake, we propose to work in four steps. First, we enumerate all possible execution path following the reception of a message. Second, we describe for all execution path the set of corresponding messages. Third, we build an automaton that discriminate types of runs given an arbitrary word. Finally, we unify some equivalent run, and simplify the underlying automaton.
Complete list of metadata
Contributor : Guillaume Bonfante Connect in order to contact the contributor
Submitted on : Monday, January 5, 2015 - 10:11:06 AM
Last modification on : Saturday, June 25, 2022 - 7:41:55 PM


  • HAL Id : hal-01099692, version 1



Guillaume Bonfante, Jean-Yves Marion, Thanh Dinh Ta. Malware Message Classification by Dynamic Analysis. The 7th International Symposium on Foundations and Practice of Security, Nov 2014, Montreal, Canada. pp.16. ⟨hal-01099692⟩



Record views