Semantics-aware malware detection

A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are suscept...

Full description

Saved in:
Bibliographic Details
Main Authors: Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.
Format: Conference Proceeding
Language:English
Subjects:
Computer hacking
Computer viruses
Computer worms
Contracts
Cryptography
Detection algorithms
Detectors
Government
Runtime
Citations: Items that cite this one
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are susceptible to obfuscations used by hackers. The fundamental deficiency in the pattern-matching approach to malware detection is that it is purely syntactic and ignores the semantics of instructions. In this paper, we present a malware-detection algorithm that addresses this deficiency by incorporating instruction semantics to detect malicious program traits. Experimental evaluation demonstrates that our malware-detection algorithm can detect variants of malware with a relatively low run-time overhead. Moreover our semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.
ISSN:1081-6011
2375-1207
DOI:10.1109/SP.2005.20