Semantic malware detection.
Full text is not in this repository.
Polymorphic and metamorphic malware use code obfuscation techniques to construct new variants which preserve the semantics of the original but change the code syntax, evading current compiled code based detection methods. Dynamic slicing is a technique that, given a variable of interest within a program, isolates a relevant subset of executed program code that influences that variable. Using dynamic slicing to condition semantic traces identifies ‘core’ behaviours that, as part of an overall semantics based approach, has the potential to play a significant rˆole in detecting difficult malware variants. We preface this by a discussion of the motivation and the contextual role for this form of slicing in semantics based matching. A brief outline of the semantic trace mapping algorithm is presented with an example. We complete the report with presentation of our test data generation technique using backward domain reduction with some examples as a stand-alone step in the process of genearting data inputs for producing unique semantic program traces.
|Item Type:||Monograph (Technical Report)|
|Research Areas:||Science & Technology > Software Process, Practice & Design|
|Deposited On:||28 May 2010 13:57|
|Last Modified:||06 Feb 2013 11:40|
Repository Staff Only: item control page
Downloads per month over past year