DOI: 10.1145/1858378.1858443

Malware detection using assembly code and control flow graph optimization

Published: 16 September 2010

Abstract

Malware detection is a crucial aspect of software security. A malware detector is a system that attempts to determine whether a program has malicious intent. Current malware detectors work by checking for signatures, which attempt to capture the syntactic characteristics of the machine-level byte sequence of the malware. This syntactic approach makes current detectors vulnerable to code obfuscations, increasingly used by malware writers, that alter the syntactic properties of the malware byte sequence without significantly affecting its execution behavior.
This paper derives from the idea that the key to malware identification lies in its semantic as well as its syntactic features. It explains an approach using control flow graphs (CFGs) for malware detectors. We present an architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations.
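The abstract's point is that optimising the CFG strips the syntactic noise an obfuscator adds while keeping the structure a signature should match on. The following Python sketch is an added illustration of that idea, not the paper's own implementation (the abstract does not specify its passes or signature format): it builds a CFG from a constructed toy assembly listing, applies four optimisation passes (nop removal, jump-chain elimination, dead-block removal, straight-line block merging) and emits a canonical signature. The two listings, the mnemonic sets and the signature format are all assumptions made for the example.

```python
from collections import OrderedDict

COND, UNCOND, TERM = {"je", "jne", "jz", "jnz"}, {"jmp"}, {"ret"}

# Constructed listings (assumption, not from the paper): (label or None, mnemonic, operand or None).
ORIGINAL = [("start", "mov", "eax, 1"), (None, "cmp", "eax, 0"), (None, "je", "exit"),
            ("loop", "call", "payload"), (None, "dec", "eax"), (None, "jne", "loop"),
            ("exit", "ret", None)]
# Same behaviour with nop padding, a block split by a jump to the next label,
# an unreachable block and a jump chain ("hop" -> "exit").
OBFUSCATED = [("start", "mov", "eax, 1"), (None, "jmp", "cont"),
              ("dead", "xor", "ebx, ebx"), (None, "jmp", "dead"),
              ("cont", "nop", None), (None, "cmp", "eax, 0"), (None, "je", "hop"),
              (None, "jmp", "loop"), ("loop", "call", "payload"), (None, "nop", None),
              (None, "dec", "eax"), (None, "jne", "loop"), ("hop", "jmp", "exit"),
              ("exit", "nop", None), (None, "ret", None)]


def build_cfg(listing):
    """Basic blocks keyed by first-instruction index; 'succ' lists the branch
    target first and the fall-through block second."""
    leaders = {0}
    for i, (label, mn, _) in enumerate(listing):
        if label:
            leaders.add(i)
        if mn in COND | UNCOND | TERM and i + 1 < len(listing):
            leaders.add(i + 1)
    starts = sorted(leaders)
    target = {listing[s][0]: s for s in starts if listing[s][0]}
    blocks = OrderedDict()
    for k, s in enumerate(starts):
        e = starts[k + 1] if k + 1 < len(starts) else len(listing)
        ins = [(mn, op) for _, mn, op in listing[s:e]]
        mn, op = ins[-1]
        if mn in COND:
            succ = [target[op]] + ([e] if e < len(listing) else [])
        elif mn in UNCOND:
            succ = [target[op]]
        else:
            succ = [] if mn in TERM or e >= len(listing) else [e]
        blocks[s] = {"ins": ins, "succ": succ}
    return 0, blocks


def normalize(entry, blocks):
    """Optimisation passes that strip purely syntactic differences."""
    blocks = OrderedDict((b, {"ins": list(v["ins"]), "succ": list(v["succ"])})
                         for b, v in blocks.items())
    # 1. nops and unconditional jumps carry nothing the edge list does not.
    for v in blocks.values():
        v["ins"] = [(m, o) for m, o in v["ins"] if m != "nop" and m not in UNCOND]
    # 2. Bypass empty single-successor blocks (jump chains, trampolines).
    def resolve(b, seen=()):
        v = blocks[b]
        if b == entry or v["ins"] or len(v["succ"]) != 1 or b in seen:
            return b
        return resolve(v["succ"][0], seen + (b,))
    for v in blocks.values():
        v["succ"] = [resolve(s) for s in v["succ"]]
    # 3. Drop blocks unreachable from the entry (dead code).
    reach, stack = set(), [entry]
    while stack:
        b = stack.pop()
        if b not in reach:
            reach.add(b)
            stack.extend(blocks[b]["succ"])
    blocks = OrderedDict((b, v) for b, v in blocks.items() if b in reach)
    # 4. Merge A -> B when A has one successor and B only that predecessor.
    merged = True
    while merged:
        merged, preds = False, {b: [] for b in blocks}
        for b, v in blocks.items():
            for s in v["succ"]:
                preds[s].append(b)
        for a, v in blocks.items():
            b = v["succ"][0] if len(v["succ"]) == 1 else None
            if b is not None and b != a and b != entry and preds[b] == [a]:
                v["ins"], v["succ"] = v["ins"] + blocks[b]["ins"], blocks[b]["succ"]
                del blocks[b]
                merged = True
                break
    return entry, blocks


def signature(entry, blocks):
    """Canonical string: blocks renamed in DFS order, branch targets given as edges."""
    order, stack = [], [entry]
    while stack:
        b = stack.pop()
        if b not in order:
            order.append(b)
            stack.extend(reversed(blocks[b]["succ"]))
    name = {b: chr(65 + i) for i, b in enumerate(order)}
    parts = []
    for b in order:
        ins = ";".join(m if m in COND or o is None else f"{m} {o}" for m, o in blocks[b]["ins"])
        parts.append(name[b] + ":" + ins + "->" + ",".join(name[s] for s in blocks[b]["succ"]))
    return "|".join(parts)
```

Run `signature(*build_cfg(ORIGINAL))` against `signature(*build_cfg(OBFUSCATED))` and the raw signatures differ; after `normalize` both listings collapse to the same three-block graph and the same signature string. The passes are deliberately conservative: they only remove instructions whose effect is already captured by the edge list, so a mismatch after normalisation still reflects a real structural difference. A real detector would also have to handle indirect jumps and jump tables, which this sketch does not model.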




Published In
A2CWiC '10: Proceedings of the 1st Amrita ACM-W Celebration on Women in Computing in India
September 2010
425 pages
ISBN:9781450301947
DOI:10.1145/1858378

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. control flow graph
  2. detection
  3. malware
  4. optimization

Qualifiers

  • Short-paper

Conference

A2CWiC '10: Emerging Trends in Computing
September 16 - 17, 2010
Coimbatore, India

Article Metrics

  • Downloads (Last 12 months)24
  • Downloads (Last 6 weeks)2
Reflects downloads up to 12 Jan 2025

Cited By

  • (2024) Precise Lake: A Feedback and Visualization System For Optimizing Code Health. 2024 15th International Conference on Computing Communication and Networking Technologies (ICCCNT), pp. 1-7. doi:10.1109/ICCCNT61001.2024.10724126. Published 24 Jun 2024.
  • (2024) Malware Detection Using Control Flow Graphs. 2024 2nd International Conference on Device Intelligence, Computing and Communication Technologies (DICCT), pp. 216-220. doi:10.1109/DICCT61038.2024.10532908. Published 15 Mar 2024.
  • (2023) Enhancing Android Security: Static Analysis for Robust Protection and Resilient Defences using Deep Learning. 2023 7th International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), pp. 154-159. doi:10.1109/I-SMAC58438.2023.10290413. Published 11 Oct 2023.
  • (2021) Supervised malware learning in cloud through System calls analysis. 2021 International Conference on Innovative Computing, Intelligent Communication and Smart Electrical Systems (ICSES), pp. 1-8. doi:10.1109/ICSES52305.2021.9633788. Published 24 Sep 2021.
  • (2021) Identifying ATT&CK Tactics in Android Malware Control Flow Graph Through Graph Representation Learning and Interpretability. 2021 IEEE International Conference on Big Data (Big Data), pp. 5602-5608. doi:10.1109/BigData52589.2021.9671343. Published 15 Dec 2021.
  • (2020) MALGRA: Machine Learning and N-Gram Malware Feature Extraction and Detection System. Electronics 9(11):1777. doi:10.3390/electronics9111777. Published 26 Oct 2020.
  • (2020) A survey on graph-based methods for malware detection. 2020 4th International Conference on Advanced Systems and Emergent Technologies (IC_ASET), pp. 130-134. doi:10.1109/IC_ASET49463.2020.9318301. Published 15 Dec 2020.
  • (2020) A Conceptual Direction on Automatically Evolving Computer Malware using Genetic and Evolutionary Algorithms. 2020 International Conference on Inventive Computation Technologies (ICICT), pp. 226-229. doi:10.1109/ICICT48043.2020.9112509. Published Feb 2020.
  • (2020) Using Dtrace for Machine Learning Solutions in Malware Detection. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1-7. doi:10.1109/ICCCNT49239.2020.9225633. Published Jul 2020.
  • (2019) Efficiency and Precision Enhancement of Code Clone Detection Using Hybrid Technique-Based Web Tool. Computational Network Application Tools for Performance Management, pp. 225-234. doi:10.1007/978-981-32-9585-8_19. Published 19 Oct 2019.
