Semantic malware detection.

Alzarouni, Khalid, Clark, David and Tratt, Laurence (2010) Semantic malware detection. Technical Report. King's College London, Department of Computer Science. [Monograph] (doi:TR-10-03)


Polymorphic and metamorphic malware use code obfuscation techniques to construct new variants which preserve the semantics of the original but change the code syntax, evading current compiled code based detection methods. Dynamic slicing is a technique that, given a variable of interest within a program, isolates a relevant subset of executed program code that influences that variable. Using dynamic slicing to condition semantic traces identifies ‘core’ behaviours that, as part of an overall semantics based approach, has the potential to play a significant rôle in detecting difficult malware variants. We preface this by a discussion of the motivation and the contextual role for this form of slicing in semantics based matching. A brief outline of the semantic trace mapping algorithm is presented with an example. We complete the report with presentation of our test data generation technique using backward domain reduction with some examples as a stand-alone step in the process of generating data inputs for producing unique semantic program traces.

Item Type: Monograph (Technical Report)
Research Areas: A. > School of Science and Technology > Computer and Communications Engineering
Item ID: 5897
Depositing User: Dr Laurence Tratt
Date Deposited: 28 May 2010 13:57
Last Modified: 13 Oct 2016 14:19
