Behavior Analysis of Malware by Rewriting-based Abstraction - Extended Version

Philippe Beaucamps (1), Isabelle Gnaedig (1), Jean-Yves Marion (1)
(1) CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: We propose a formal approach for the detection of high-level program behaviors. These behaviors, defined as combinations of patterns in a signature, are detected by model-checking on abstracted forms of program traces. Our approach works on unbounded sets of traces, which makes our technique useful not only for dynamic analysis, considering one trace at a time, but also for static analysis, considering a set of traces inferred from a control flow graph. Our technique uses a rewriting-based abstraction mechanism, producing a high-level representation of the program behavior, independent of the program implementation. It allows us to handle similar behaviors in a generic way and thus to be robust with respect to variants. Successfully applied to malware detection, our approach allows us in particular to model and detect information leak.
Document type: [Research Report] 2011

Cited literature: 25 references
Contributor: Isabelle Gnaedig
Submitted on: Friday, 20 May 2011 - 16:34:21
Last modified on: Thursday, 11 January 2018 - 06:21:25
Document(s) archived on: Friday, 9 November 2012 - 11:46:22




  • HAL Id: inria-00594396, version 1



Philippe Beaucamps, Isabelle Gnaedig, Jean-Yves Marion. Behavior Analysis of Malware by Rewriting-based Abstraction - Extended Version. [Research Report] 2011. 〈inria-00594396〉


