Skip to Main content Skip to Navigation
Conference papers

Malware Message Classification by Dynamic Analysis

Guillaume Bonfante 1 Jean-Yves Marion 1 Thanh Dinh Ta 1
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : The fact that new malware appear every day demands a strong response from anti-malware forces. For that sake, an analysis of new samples must be performed. Usually, one tries to replay the behavior of malware in a safe environment. However, some samples activate a malicious function only if they receive some particular inputs from its command and control server. The problem is then to get some grasp on the interactions between the malware and its environment. For that sake, we propose to work in four steps. First, we enumerate all possible execution path following the reception of a message. Second, we describe for all execution path the set of corresponding messages. Third, we build an automaton that discriminate types of runs given an arbitrary word. Finally, we unify some equivalent run, and simplify the underlying automaton.
Complete list of metadatas

https://hal.inria.fr/hal-01099692
Contributor : Guillaume Bonfante <>
Submitted on : Monday, January 5, 2015 - 10:11:06 AM
Last modification on : Tuesday, May 5, 2020 - 5:02:15 PM

Identifiers

  • HAL Id : hal-01099692, version 1

Collections

Citation

Guillaume Bonfante, Jean-Yves Marion, Thanh Dinh Ta. Malware Message Classification by Dynamic Analysis. The 7th International Symposium on Foundations and Practice of Security, Nov 2014, Montreal, Canada. pp.16. ⟨hal-01099692⟩

Share

Metrics

Record views

291