Malware Message Classification by Dynamic Analysis

Guillaume Bonfante (1), Jean-Yves Marion (1), Thanh Dinh Ta (1)
(1) CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: New malware appears every day, which demands a strong response from anti-malware forces. To that end, new samples must be analyzed. Usually, one tries to replay the behavior of malware in a safe environment. However, some samples activate a malicious function only if they receive particular inputs from their command and control server. The problem is then to get some grasp on the interactions between the malware and its environment. To that end, we propose to work in four steps. First, we enumerate all possible execution paths following the reception of a message. Second, we describe, for each execution path, the set of corresponding messages. Third, we build an automaton that discriminates types of runs given an arbitrary word. Finally, we unify some equivalent runs and simplify the underlying automaton.
Document type: Conference paper
The 7th International Symposium on Foundations and Practice of Security, Nov 2014, Montreal, Canada. Springer, 8930, pp.16, 2014
https://hal.inria.fr/hal-01099692
Contributor: Guillaume Bonfante
Submitted on: Monday, 5 January 2015 - 10:11:06
Last modified on: Thursday, 11 January 2018 - 06:21:25

Identifiers

  • HAL Id : hal-01099692, version 1

Citation

Guillaume Bonfante, Jean-Yves Marion, Thanh Dinh Ta. Malware Message Classification by Dynamic Analysis. The 7th International Symposium on Foundations and Practice of Security, Nov 2014, Montreal, Canada. Springer, 8930, pp.16, 2014. 〈hal-01099692〉
