Semantics-aware malware detection

A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are suscept...

Bibliographic details
Main authors: Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.
Format: Conference proceedings
Language: eng
container_end_page 46
container_issue
container_start_page 32
container_title
container_volume
creator Christodorescu, M.
Jha, S.
Seshia, S.A.
Song, D.
Bryant, R.E.
description A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are susceptible to obfuscations used by hackers. The fundamental deficiency in the pattern-matching approach to malware detection is that it is purely syntactic and ignores the semantics of instructions. In this paper, we present a malware-detection algorithm that addresses this deficiency by incorporating instruction semantics to detect malicious program traits. Experimental evaluation demonstrates that our malware-detection algorithm can detect variants of malware with a relatively low run-time overhead. Moreover our semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.
doi_str_mv 10.1109/SP.2005.20
format Conference Proceeding
fulltext fulltext_linktorsrc
identifier ISSN: 1081-6011
ispartof 2005 IEEE Symposium on Security and Privacy (S&P'05), 2005, p.32-46
issn 1081-6011
2375-1207
language eng
recordid cdi_ieee_primary_1425057
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Computer hacking
Computer viruses
Computer worms
Contracts
Cryptography
Detection algorithms
Detectors
Government
Runtime
title Semantics-aware malware detection
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-20T07%3A29%3A09IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Semantics-aware%20malware%20detection&rft.btitle=2005%20IEEE%20Symposium%20on%20Security%20and%20Privacy%20(S&P'05)&rft.au=Christodorescu,%20M.&rft.date=2005&rft.spage=32&rft.epage=46&rft.pages=32-46&rft.issn=1081-6011&rft.eissn=2375-1207&rft.isbn=9780769523392&rft.isbn_list=0769523390&rft_id=info:doi/10.1109/SP.2005.20&rft_dat=%3Cieee_6IE%3E1425057%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=1425057&rfr_iscdi=true