Architecture of a Morphological Malware Detector

Guillaume Bonfante 1 Matthieu Kaczmarek 1 Jean-Yves Marion 1
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: Most malware detectors are based on syntactic signatures that identify known malicious programs. Up to now this architecture has been efficient enough to counter most malware attacks. Nevertheless, the complexity of malicious code keeps increasing, so the time needed to reverse engineer malicious programs and to forge new signatures grows accordingly. This study proposes an efficient construction of a morphological malware detector, that is, a detector which combines syntactic and semantic analysis. It aims at facilitating the task of malware analysts by providing some abstraction in the signature representation, which is based on control flow graphs (CFG). We build an efficient signature matching engine on top of tree automata techniques. Moreover, we describe a generic graph rewriting engine to deal with classic mutation techniques. Finally, we provide a preliminary evaluation of the detection strategy by carrying out experiments on a malware collection.
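The abstract names three building blocks: CFG-based signatures, a graph rewriting engine that undoes mutations, and a matching engine. The following Python sketch is an added illustration of that pipeline and is not code from the paper or its authors. It builds a CFG whose nodes carry only an abstract label (plain instruction, conditional jump, unconditional jump, call, return) from a constructed toy listing, normalises the graph with two rewriting rules that remove unconditional jumps and concatenate straight-line instruction runs, and then looks for the reduced signature inside the reduced program by subgraph embedding. The paper's matcher is built on tree automata; the backtracking search here is a simpler stand-in. The listings, the two rules and every function name are assumptions made for this example.

```python
# Constructed toy listings (label, mnemonic, operand): x86-like mnemonics,
# but nothing here comes from a real sample. ORIGINAL is the reference
# "malware" (a byte-decoding loop), MUTATED is the same loop after junk
# insertion, jump chaining and block reordering, BENIGN is unrelated code.
ORIGINAL = [
    (None, "mov", "ecx, 8"), ("top", "cmp", "ecx, 0"), (None, "jz", "done"),
    (None, "xor", "[esi], al"), (None, "inc", "esi"), (None, "dec", "ecx"),
    (None, "jmp", "top"), ("done", "ret", ""),
]
MUTATED = [
    (None, "mov", "ecx, 8"), (None, "nop", ""), (None, "jmp", "L2"),
    ("body", "xor", "[esi], al"), (None, "nop", ""), (None, "inc", "esi"),
    (None, "dec", "ecx"), (None, "jmp", "L3"), ("L2", "jmp", "top"),
    ("top", "cmp", "ecx, 0"), (None, "jz", "done"), (None, "push", "eax"),
    (None, "pop", "eax"), (None, "jmp", "body"), ("L3", "jmp", "top"),
    ("done", "ret", ""),
]
BENIGN = [
    (None, "cmp", "eax, 0"), (None, "jz", "zero"), (None, "mov", "eax, 1"),
    ("zero", "ret", ""),
]

def classify(mnemonic):
    """Abstract an instruction to the node label kept in the CFG (assumed set)."""
    return {"jmp": "jmp", "jz": "jcc", "jnz": "jcc", "call": "call",
            "ret": "ret"}.get(mnemonic, "inst")

def build_cfg(listing):
    """Return (types, succ): node id -> label, node id -> set of successor ids."""
    labels = {lab: i for i, (lab, _, _) in enumerate(listing) if lab}
    types, succ = {}, {}
    for i, (_, mn, op) in enumerate(listing):
        t = types[i] = classify(mn)
        nxt = {i + 1} if i + 1 < len(listing) else set()
        if t == "jmp":
            succ[i] = {labels[op]}
        elif t == "jcc":
            succ[i] = nxt | {labels[op]}   # fall-through and taken edge
        elif t == "ret":
            succ[i] = set()
        else:                              # plain instruction or call: fall through
            succ[i] = nxt
    return types, succ

def reduce_cfg(types, succ):
    """Apply two rewriting rules until none fires:
    (1) an unconditional jump is pure layout: route its predecessors to its
        target and delete it (undoes jump chains and block reordering);
    (2) a straight-line run of plain instructions is one node: merge an
        'inst' node into its single 'inst' predecessor (absorbs nops and
        inserted junk, so the shape no longer depends on block length)."""
    types, succ = dict(types), {n: set(s) for n, s in succ.items()}
    preds = lambda n: {p for p in succ if n in succ[p]}
    changed = True
    while changed:
        changed = False
        for n in list(types):
            t, s = types[n], succ[n]
            if t == "jmp" and len(s) == 1 and n not in s:
                (tgt,) = s
                for p in preds(n):
                    succ[p].discard(n)
                    succ[p].add(tgt)
                del types[n], succ[n]
                changed = True
                break
            if t == "inst" and len(s) == 1:
                (b,) = s
                if b != n and types[b] == "inst" and preds(b) == {n}:
                    succ[n] = succ.pop(b)
                    del types[b]
                    changed = True
                    break
    return types, succ

def subgraph_match(sig, prog):
    """Backtracking search for an injective, label- and edge-preserving
    embedding of the signature graph into the program graph (stand-in for
    the paper's tree-automata matcher). Returns the mapping or None."""
    st, ss = sig
    pt, ps = prog
    order = sorted(st)
    def extend(mapping):
        if len(mapping) == len(order):
            return dict(mapping)
        u = order[len(mapping)]
        for v in pt:
            if pt[v] != st[u] or v in mapping.values():
                continue
            ok = (all(mapping[w] in ps[v] for w in ss[u] if w in mapping) and
                  all(v in ps[mapping[w]] for w in mapping if u in ss[w]))
            if ok:
                mapping[u] = v
                found = extend(mapping)
                if found:
                    return found
                del mapping[u]
        return None
    return extend({})

# The signature is the reduced CFG of the reference sample.
SIGNATURE = reduce_cfg(*build_cfg(ORIGINAL))

def scan(listing):
    """Embedding of SIGNATURE in the reduced CFG of listing, or None."""
    return subgraph_match(SIGNATURE, reduce_cfg(*build_cfg(listing)))

if __name__ == "__main__":
    print("signature nodes:", SIGNATURE[0])
    print("mutated:", scan(MUTATED), "benign:", scan(BENIGN))
```

Both ORIGINAL and MUTATED reduce to the same five-node shape (inst, inst, jcc, inst, ret with a back edge into the loop head), so the nop padding, the push/pop junk pair and the jump chains no longer affect matching, while BENIGN has no such loop and is rejected. The rules are deliberately conservative: they only delete nodes that carry no semantics under this abstraction, which is what keeps the normal form usable as a signature rather than collapsing every program to the same graph.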
Document type: Journal article
Journal in Computer Virology, Springer Verlag, 2009, 5 (3), pp.263-270. 〈10.1007/s11416-008-0102-4〉

https://hal.inria.fr/inria-00330022
Contributor: Matthieu Kaczmarek
Submitted on: Monday 13 October 2008 - 21:47:51
Last modified on: Thursday 11 January 2018 - 06:21:25
Document(s) archived on: Tuesday 9 October 2012 - 12:06:37

File

flowgraph.pdf
Files produced by the author(s)

Citation

Guillaume Bonfante, Matthieu Kaczmarek, Jean-Yves Marion. Architecture of a Morphological Malware Detector. Journal in Computer Virology, Springer Verlag, 2009, 5 (3), pp.263-270. 〈10.1007/s11416-008-0102-4〉. 〈inria-00330022〉

Metrics

Record views: 329
File downloads: 494