Behavior Abstraction in Malware Analysis

Cited by: 0
Authors
Beaucamps, Philippe [1 ]
Gnaedig, Isabelle [1 ]
Marion, Jean-Yves [1 ]
Affiliations
[1] Nancy Univ, INPL, INRIA Nancy Grand Est, LORIA, F-54506 Vandoeuvre Les Nancy, France
Source
RUNTIME VERIFICATION | 2010 / Vol. 6418
Keywords
Malware; behavioral detection; behavior abstraction; trace; string rewriting; finite state automaton; formal language; dynamic binary instrumentation;
DOI
Not available
CLC classification
TP31 [Computer software];
Discipline code
081202; 0835;
Abstract
We present an approach to proactive malware detection that works by abstracting program behaviors. Our technique consists of abstracting program traces by rewriting given subtraces into abstract symbols that represent their functionality. Traces are captured dynamically by code instrumentation, which allows us to handle packed or self-modifying malware. Suspicious behaviors are detected by comparing trace abstractions against reference malicious behaviors. The expressive power of abstraction allows us to handle general suspicious behaviors rather than specific malware code, and thus to detect malware mutations. We present and discuss an implementation validating our approach.
Pages: 168 / 182
Page count: 15
Related papers
50 items in total
  • [1] An Analysis of Android Malware Behavior
    Singh, Gagandeep
    Jaafar, Fehmi
    Zavarsky, Pavol
    [J]. 2018 IEEE 18TH INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY COMPANION (QRS-C), 2018, : 505 - 512
  • [2] Accurate Malware Detection by Extreme Abstraction
    Copty, Fady
    Danos, Matan
    Edelstein, Orit
    Eisner, Cindy
    Murik, Dov
    Zeltser, Benjamin
    [J]. 34TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2018), 2018, : 101 - 111
  • [3] Visualization Techniques for Malware Behavior Analysis
    Gregio, Andre R. A.
    Santos, Rafael D. C.
    [J]. SENSORS, AND COMMAND, CONTROL, COMMUNICATIONS, AND INTELLIGENCE (C3I) TECHNOLOGIES FOR HOMELAND SECURITY AND HOMELAND DEFENSE X, 2011, 8019
  • [4] A survey of malware behavior description and analysis
    Bo Yu
    Ying Fang
    Qiang Yang
    Yong Tang
    Liu Liu
    [J]. Frontiers of Information Technology & Electronic Engineering, 2018, 19 : 583 - 603
  • [5] Identifying Behavior Dispatchers for Malware Analysis
    Park, Kyuhong
    Sahin, Burak
    Chen, Yongheng
    Zhao, Jisheng
    Downing, Evan
    Hu, Hong
    Lee, Wenke
    [J]. ASIA CCS'21: PROCEEDINGS OF THE 2021 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2021, : 759 - 773
  • [6] A survey of malware behavior description and analysis
    Yu, Bo
    Fang, Ying
    Yang, Qiang
    Tang, Yong
    Liu, Liu
    [J]. FRONTIERS OF INFORMATION TECHNOLOGY & ELECTRONIC ENGINEERING, 2018, 19 (05) : 583 - 603
  • [7] User Behavior Analysis for Malware Detection
    Dumitrasc, Valentina
    Serral-Gracia, Rene
    [J]. COMPUTER SECURITY. ESORICS 2023 INTERNATIONAL WORKSHOPS, CPS4CIP, PT II, 2024, 14399 : 92 - 110
  • [8] Analysis on the Sequential Behavior of Malware Attacks
    Rosyid, Nur Rohman
    Ohrui, Masayuki
    Kikuchi, Hiroaki
    Sooraksa, Pitikhate
    Terada, Masato
    [J]. IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2011, E94D (11): : 2139 - 2149
  • [9] Design on Android malware behavior analysis system
    [J]. Li, J.-H. (jovistar@gmail.com), 1600, Beijing University of Posts and Telecommunications (37):
  • [10] Identifying DGA Malware via Behavior Analysis
    Zang, Xiaodong
    Gong, Jian
    Zong, Ping
    [J]. 2021 IEEE WIRELESS COMMUNICATIONS AND NETWORKING CONFERENCE (WCNC), 2021,