Modelling Metamorphism by Abstract Interpretation

Authors

  • Mila Dalla Preda
  • Roberto Giacobazzi
  • Saumya K. Debray
  • Kevin Coogan
  • Gregg M. Townsend
Abstract

Metamorphic malware apply semantics-preserving transformations to their own code in order to foil detection systems based on signature matching. In this paper we consider the problem of automatically extracting metamorphic signatures from these malware. We introduce a semantics for self-modifying code, later called phase semantics, and prove its correctness by showing that it is an abstract interpretation of the standard trace semantics. Phase semantics precisely models the metamorphic code behavior by providing a set of traces of programs which correspond to the possible evolutions of the metamorphic code during execution. We show that metamorphic signatures can be automatically extracted by abstract interpretation of the phase semantics, and that regular metamorphism can be modelled as finite state automata abstraction of the phase semantics.

Similar resources

Unveiling metamorphism by abstract interpretation of code properties

Keywords: Abstract interpretation; Program semantics; Metamorphic malware detection; Self-modifying programs. Metamorphic code includes self-modifying semantics-preserving transformations to exploit code diversification. The impact of metamorphism is growing in security and code protection technologies, both for preventing malicious host attacks, e.g., in software divers...


Abstract Interpretation of Floating-Point Computations

Sylvie Putot, Laboratory for ModElling and Analysis of Systems in Interaction, CEA-LIST/X/CNRS. Session: Static Analysis for Safety and Performance, ARTIST2 MOTIVES, Trento, Italy, February 19-23, 2007.


Analysis of disassembled executable codes by abstract interpretation

The aim of this paper is to define the abstract domain, abstract operator, abstract semantic, the environments and states of disassembled executable codes as well as a way to analyze the disassembled executable codes. Nowadays, static analysis on disassembled code is going to grow. Reverse engineering and malware analysis use this technique. Thus, we tried to perform pluralization the requirements ...


Rainfall-runoff modelling using artificial neural networks (ANNs): modelling and understanding

In recent years, artificial neural networks (ANNs) have become one of the most promising tools in order to model complex hydrological processes such as the rainfall-runoff process. In many studies, ANNs have demonstrated superior results compared to alternative methods. ANNs are able to map the underlying relationship between input and output data without prior understanding of the process under in...


Mineralogy of marbles resulting from the metamorphism of listvenites in the Upper Proterozoic ophiolites of Anarak (northeast of Isfahan Province, Iran)

In the upper Proterozoic Anarak ophiolite, the marbles are present and have excellent exposures in different areas. Their best exposure is in the southern slope of Chah-Gorbeh mountain (Chah-Mahdi valley). In the field, marbles have massive and dike-like exposures. Petrographic studies and geochemistry of minerals show that marbles consist of carbonate (calcite), garnet (andradite), clinopyroxene (...


Publication date: 2010