Semantic malware detection.

Alzarouni, Khalid and Clark, David and Tratt, Laurence (2010) Semantic malware detection. Technical Report. King's College London, Department of Computer Science..

Full text is not in this repository.


Polymorphic and metamorphic malware use code obfuscation techniques to construct new variants which preserve the semantics of the original but change the code syntax, evading current compiled code based detection methods. Dynamic slicing is a technique that, given a variable of interest within a program, isolates a relevant subset of executed program code that influences that variable. Using dynamic slicing to condition semantic traces identifies ‘core’ behaviours that, as part of an overall semantics based approach, has the potential to play a significant rˆole in detecting difficult malware variants. We preface this by a discussion of the motivation and the contextual role for this form of slicing in semantics based matching. A brief outline of the semantic trace mapping algorithm is presented with an example. We complete the report with presentation of our test data generation technique using backward domain reduction with some examples as a stand-alone step in the process of genearting data inputs for producing unique semantic program traces.

Item Type:Monograph (Technical Report)
Research Areas:A. > School of Science and Technology > Computer and Communications Engineering
ID Code:5897
Deposited On:28 May 2010 13:57
Last Modified:02 Oct 2015 13:17

Repository staff only: item control page

Full text downloads (NB count will be zero if no full text documents are attached to the record)

Downloads per month over the past year