Behavior Abstraction in Malware Analysis

Philippe Beaucamps 1,*, Isabelle Gnaedig 1, Jean-Yves Marion 1
* Corresponding author
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: We present an approach to proactive malware detection that works on an abstract representation of program behavior. Our technique consists of abstracting program traces by rewriting given subtraces into abstract symbols that represent their functionality. Traces are captured dynamically by code instrumentation in order to handle packed or self-modifying malware. Suspicious behaviors are detected by comparing trace abstractions with reference malicious behaviors. The expressive power of abstraction lets us handle general suspicious behaviors rather than specific malware code, and thus detect malware mutations. We present and discuss an implementation validating our approach.
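As an added illustration of the abstraction-then-matching idea described in the abstract (this is not the authors' implementation: the rule set, reference behaviors, API names and sample traces below are constructed for the example, and data flow between calls, such as which handle a WriteFile targets, is ignored), the following Python sketch rewrites subtraces of an API-call trace into abstract symbols and then matches the abstract trace against reference behaviors. Two differently coded variants of the same dropper abstract to the same behavior, which is the point of abstracting rather than matching concrete code.

```python
"""
Toy trace abstraction in the spirit of the abstract above: rewrite subtraces
of a concrete API-call trace into abstract symbols that name their
functionality, then compare the abstract trace against reference behaviors.

Everything here is constructed for illustration (rule set, reference
behaviors, API names, sample traces); it is not the authors' rewriting
system, and it ignores data flow (e.g. which handle a WriteFile targets).
"""
import re
from typing import List, Tuple

# A pattern is a list of call names; "..." stands for any number of
# interleaved, irrelevant calls (the gap a mutated sample may insert).
Pattern = List[str]

# Constructed abstraction rules: subtrace -> abstract symbol.
ABSTRACTION_RULES: List[Tuple[Pattern, str]] = [
    (["InternetOpenUrlA", "...", "InternetReadFile"], "DOWNLOAD"),
    (["CreateFileA", "...", "WriteFile", "...", "CloseHandle"], "WRITE_FILE"),
    (["RegOpenKeyExA", "...", "RegSetValueExA"], "REG_PERSIST"),
    (["CreateProcessA"], "EXECUTE"),
    (["WinExec"], "EXECUTE"),
]

# Constructed reference behaviors, expressed over abstract symbols only.
REFERENCE_BEHAVIORS = {
    "dropper": ["DOWNLOAD", "...", "WRITE_FILE", "...", "EXECUTE"],
    "autostart": ["WRITE_FILE", "...", "REG_PERSIST"],
}


def compile_pattern(pattern: Pattern) -> "re.Pattern[str]":
    """Compile a token pattern into a regex over a space-joined trace.

    Traces are encoded as "tok1 tok2 ... tokN " (trailing space), so every
    token is followed by exactly one space and matches align on token
    boundaries: the lookbehind forbids starting in the middle of a name and
    each literal is escaped and followed by its space.
    """
    parts = [r"(?<!\S)"]
    for tok in pattern:
        if tok == "...":
            parts.append(r"(?:\S+ )*?")  # lazily skip whole tokens
        else:
            parts.append(re.escape(tok) + " ")
    return re.compile("".join(parts))


def abstract_trace(trace: List[str]) -> List[str]:
    """Rewrite every matching subtrace into its abstract symbol.

    Rules are applied in order; later rules see the symbols produced by
    earlier ones, so the result is a trace mixing abstract symbols and the
    concrete calls no rule covered.
    """
    text = " ".join(trace) + " "
    for pattern, symbol in ABSTRACTION_RULES:
        text = compile_pattern(pattern).sub(symbol + " ", text)
    return text.split()


def detect(trace: List[str]) -> List[str]:
    """Return the names of reference behaviors found in the abstracted trace."""
    text = " ".join(abstract_trace(trace)) + " "
    return sorted(name for name, behavior in REFERENCE_BEHAVIORS.items()
                  if compile_pattern(behavior).search(text))


# Constructed sample traces. VARIANT_B is a "mutation" of VARIANT_A: junk
# calls interleaved, an extra WriteFile, and a different execution API.
VARIANT_A = ["InternetOpenUrlA", "InternetReadFile", "CreateFileA",
             "WriteFile", "CloseHandle", "CreateProcessA"]
VARIANT_B = ["GetTickCount", "InternetOpenUrlA", "Sleep", "InternetReadFile",
             "CreateFileA", "WriteFile", "WriteFile", "GetTickCount",
             "CloseHandle", "WinExec"]
AUTOSTART = ["CreateFileA", "WriteFile", "CloseHandle",
             "RegOpenKeyExA", "RegSetValueExA"]
BENIGN = ["CreateFileA", "ReadFile", "CloseHandle", "MessageBoxA"]

if __name__ == "__main__":
    for name, trace in [("A", VARIANT_A), ("B", VARIANT_B),
                        ("autostart", AUTOSTART), ("benign", BENIGN)]:
        print(name, abstract_trace(trace), "->", detect(trace))
```

Rule order matters: a rule applied later sees the symbols produced by earlier rules, so the rule set has to be written so that no rule consumes a call that a later, more specific rule needs. A real system would also need to tie the calls of one subtrace together through their arguments (handles, paths), which this sketch deliberately does not do.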
Document type: Conference paper
In: Grigore Rosu, Oleg Sokolsky (eds.), 1st International Conference on Runtime Verification, Nov 2010, St. Julians, Malta. Lecture Notes in Computer Science, vol. 6418, Springer-Verlag, 2010, pp. 168-182. DOI 10.1007/978-3-642-16612-9_14

https://hal.inria.fr/inria-00536500
Contributor: Isabelle Gnaedig
Submitted on: Wednesday 10 October 2018 - 14:16:31
Last modified on: Friday 26 October 2018 - 09:18:07

File: RV-preprint.pdf (author-produced version)
