Behavior Abstraction in Malware Analysis

Philippe Beaucamps 1, * Isabelle Gnaedig 1 Jean-Yves Marion 1
* Corresponding author
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: We present an approach for proactive malware detection that works on an abstract representation of a program's behavior. Our technique consists of abstracting program traces by rewriting given subtraces into abstract symbols that represent their functionality. Traces are captured dynamically by code instrumentation in order to handle packed or self-modifying malware. Suspicious behaviors are detected by comparing trace abstractions to reference malicious behaviors. The expressive power of abstraction allows us to handle general suspicious behaviors rather than specific malware code, and thus to detect malware mutations. We present and discuss an implementation validating our approach.
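As an added illustration of the trace-abstraction idea described in the abstract (example code, not the authors' implementation): a concrete API-call trace is rewritten into abstract functionality symbols by in-order subtrace matching, and reference malicious behaviors are then matched over those symbols rather than over concrete code. The API names, rewrite rules, behavior patterns, window size and the sample trace are constructed assumptions for the example.

```python
# Abstraction rules (constructed for this example): an in-order subtrace of concrete API
# calls is rewritten into one abstract symbol naming its functionality. Unrelated calls
# may be interleaved, so reordering and junk-insertion mutations leave the result unchanged.
RULES = {
    "SELF_READ":  ("GetModuleFileName", "CreateFile", "ReadFile"),  # program reads its own image
    "FILE_WRITE": ("CreateFile", "WriteFile", "CloseHandle"),
    "NET_SEND":   ("socket", "connect", "send"),
}

# Reference malicious behaviours, stated over abstract symbols rather than concrete code.
BEHAVIOURS = {
    "self-replication":  ("SELF_READ", "FILE_WRITE"),
    "data-exfiltration": ("SELF_READ", "NET_SEND"),
}

def find_subsequence(trace, pattern, start, window):
    """Indices where `pattern` occurs in order inside trace[start:start+window], else None."""
    end, pos, idx = min(len(trace), start + window), start, []
    for call in pattern:
        while pos < end and trace[pos] != call:
            pos += 1
        if pos >= end:
            return None
        idx.append(pos)
        pos += 1
    return idx

def abstract_trace(trace, rules=RULES, window=8):
    """Rewrite a concrete call trace into abstract symbols; unmatched calls are dropped."""
    trace, out, i = list(trace), [], 0
    while i < len(trace):
        for symbol, pattern in rules.items():
            idx = find_subsequence(trace, pattern, i, window) if trace[i] == pattern[0] else None
            if idx:
                out.append(symbol)
                for j in reversed(idx):  # consume the matched calls (idx[0] == i)
                    del trace[j]
                break
        else:
            i += 1  # no rule matches at this position, keep scanning
    return out

def detect(abstract, behaviours=BEHAVIOURS):
    """Names of reference behaviours whose symbols appear in order in the abstract trace."""
    return [name for name, pat in behaviours.items()
            if find_subsequence(abstract, pat, 0, len(abstract)) is not None]

# Constructed sample trace: a self-replicating program with timing calls interleaved as noise.
SAMPLE_TRACE = ["GetTickCount", "GetModuleFileName", "Sleep", "CreateFile", "ReadFile",
                "CloseHandle", "GetTickCount", "CreateFile", "Sleep", "WriteFile", "CloseHandle"]
```

Running `detect(abstract_trace(SAMPLE_TRACE))` flags "self-replication" even though the concrete trace carries noise between the relevant calls; a trace that only writes a file abstracts to a single FILE_WRITE and matches nothing.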
Document type: Conference papers
https://hal.inria.fr/inria-00536500
Contributor: Isabelle Gnaedig
Submitted on: Wednesday, October 10, 2018 - 2:16:31 PM
Last modification on: Tuesday, May 5, 2020 - 5:02:14 PM
Long-term archiving on: Friday, January 11, 2019 - 3:49:35 PM

File: RV-preprint.pdf (files produced by the author(s))

Citation

Philippe Beaucamps, Isabelle Gnaedig, Jean-Yves Marion. Behavior Abstraction in Malware Analysis. 1st International Conference on Runtime Verification, Howard Barringer, Klaus Havelund, Insup Lee, Nov 2010, St. Julians, Malta. pp.168-182, ⟨10.1007/978-3-642-16612-9_14⟩. ⟨inria-00536500⟩

Metrics: 503 record views, 344 file downloads