Abstraction by Term Rewriting for Malware Behavior Analysis - Extended Version

Philippe Beaucamps 1, *, Isabelle Gnaedig 1, Jean-Yves Marion 1
* Corresponding author
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: We propose a formal approach to the behavioral analysis of programs, based on dynamic analysis. It works by abstracting execution traces with respect to given behavior patterns in order to produce a high-level representation of a program's behavior, and then comparing this abstract form to signatures that define reference abstract malicious behaviors. Abstraction is performed by term rewriting, using rules on terms with variables, which makes it possible to handle the data used by behavior functionalities. This technique allows us to deal with interleaved behaviors. Successfully applied to malware detection, it allows us in particular to model and detect information leaks.
Document type:
Report
[Research Report] 2010

Cited literature [14 references]

https://hal.inria.fr/inria-00547884
Contributor: Isabelle Gnaedig
Submitted on: Wednesday, 5 January 2011 - 17:33:25
Last modified on: Thursday, 11 January 2018 - 06:21:25
Document(s) archived on: Wednesday, 6 April 2011 - 03:24:37

File

article-extended.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: inria-00547884, version 3

Citation

Philippe Beaucamps, Isabelle Gnaedig, Jean-Yves Marion. Abstraction by Term Rewriting for Malware Behavior Analysis - Extended Version. [Research Report] 2010. 〈inria-00547884v3〉

Metrics

Record views

284

File downloads

141