The Grand Challenge in Metamorphic Analysis
Abstract
Malware detection is a crucial aspect of software security. Malware typically resorts to a variety of disguise and concealment techniques in order to avoid detection. Metamorphism is the ability of a program to mutate its form while keeping its functionality unchanged and therefore, in the case of malware, its danger. A major challenge in this field is the development of general automatic/systematic detection techniques that are able to catch the possible variants of a metamorphic malware. We take the position that the key to handling metamorphism lies in a deeper understanding of the semantics of the metamorphic malware. By applying standard formal methods we aim at proving that metamorphic analysis is a special case of program analysis, where the object of computation is code interpreted as a mutational data structure.

1 Metamorphic Malware Analysis

Detecting and neutralizing malware is a major challenge in computer security, involving both sophisticated intrusion detection strategies and code manipulation tools and methods. Traditional misuse (or signature-based) malware detectors are syntactic in nature: they use pattern matching to compare the byte sequence comprising the body of the malware against a signature database [23]. Metamorphism emerged in the last decade as an effective strategy to foil misuse malware detectors. Metamorphic malware applies semantics-preserving transformations (e.g. code obfuscation techniques) to modify its own code, so that one instance of the malware bears very little resemblance to another instance even though semantically their functionality is the same. Thus, a metamorphic malware is a malware equipped with a metamorphic engine that takes the malware, or parts of it, as input and morphs it at run-time into a syntactically different but semantically equivalent variant, in order to foil signature matching.
The quantity of metamorphic variants possible for a particular piece of malware makes it impractical to maintain a signature set that is large enough to cover most or all of these variants, making standard signature-based detection ineffective [5]. The reason for this vulnerability to metamorphism lies in the purely syntactic nature of most existing and commercial detectors, which ignore program functionalities. Following this observation, researchers began to develop detection techniques that take into account properties of the malware behavior instead of properties of its syntax. This naturally needs sophisticated program and behavioral analysis techniques that rely upon known and new formal methods for reasoning about programs that mutate their code during execution.

[Figure: code variants; malware detection (behavioral analysis); mutation insensitive analysis; standard analysis; knowledge about code transformation strategies]
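The contrast drawn above between a syntactic signature and a behavior-based check, as an added example that is not from the paper. The toy three-address IR, the three programs and all function names are constructed for illustration, and comparing outputs on a few probe inputs only approximates semantic equivalence.

```python
# Added illustration: toy IR and programs are constructed, not real samples.
# Instruction = (opcode, destination register, operand); "in" is the input.
ORIGINAL = [("mov", "r0", "in"), ("add", "r0", 3), ("mul", "r0", 2),
            ("out", "r0", None)]

# Hand-written variant of ORIGINAL: renamed register, junk instructions,
# "add 3" split in two, "mul 2" replaced by a self-addition.
VARIANT = [("mov", "r7", "in"), ("nop", None, None), ("add", "r7", 1),
           ("mov", "r2", 99), ("add", "r7", 2), ("add", "r7", "r7"),
           ("out", "r7", None)]

# Unrelated program that neither detector should flag.
OTHER = [("mov", "r0", "in"), ("mul", "r0", 3), ("out", "r0", None)]

def serialize(program):
    """Flatten a program to bytes, standing in for the malware body."""
    return b";".join(f"{op} {dst} {src}".encode() for op, dst, src in program)

# Byte pattern taken from the known sample, as a misuse detector stores it.
SIGNATURE = serialize(ORIGINAL[1:3])

def syntactic_match(program):
    """Signature-based detection: byte pattern search in the body."""
    return SIGNATURE in serialize(program)

def run(program, value):
    """Interpret the toy IR on one input and return the observable output."""
    regs = {"in": value}
    for op, dst, src in program:
        operand = regs.get(src, src) if isinstance(src, str) else src
        if op == "mov":
            regs[dst] = operand
        elif op == "add":
            regs[dst] += operand
        elif op == "mul":
            regs[dst] *= operand
        elif op == "out":
            return regs[dst]
    return None

def behavioral_signature(program, probes=(0, 1, 5, -4, 1000)):
    """Outputs over fixed probe inputs; unaffected by the mutations above."""
    return tuple(run(program, p) for p in probes)

def behavioral_match(program):
    """Behavior-based detection: same input/output behavior as the sample."""
    return behavioral_signature(program) == behavioral_signature(ORIGINAL)
```

The byte pattern matches only the original body, while the behavioral check matches both the original and the variant and rejects the unrelated program.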
Similar resources
A Machine Learning Approach for Developing Test Oracles for Testing Scientific Software
Absence of test oracles is the grand challenge for testing complex scientific software. Metamorphic testing is the novel technique for developing test oracles on metamorphic relations. Although it is easy to find metamorphic relations based on general guidelines and domain knowledge, the ones that can adequately test the software are difficult to be developed. This paper introduces a machine le...
A diffusion reaction theory of morphogenesis in plants
Unified certifiable communication have led to many unproven advances, including reinforcement learning and evolutionary programming. After years of confusing research into forward-error correction, we argue the study of access points. In order to address this grand challenge, we use metamorphic modalities to show that rasterization and checksums can interfere to overcome this challenge.
A Grand Convergence in Mortality is Possible: Comment on Global Health 2035
The grand challenge in global health is the inequality in mortality and life expectancy between countries and within countries. According to Global Health 2035, the Lancet Commission celebrating the 20th anniversary of the World Development Report (WDR) of 1993, the world now has the unique opportunity to achieve a grand convergence in global mortality within a generation. This article comments...
Research Challenge on Opinion Mining and Sentiment Analysis
Draft Background The aim of this paper is to present an outline for discussion upon a new Research Challenge on Opinion Mining and Sentiment Analysis. This research challenge has been developed in the scope of project CROSSOVER “Bridging Communities for Next Generation Policy-Making” in the view of the definition of a new Research Roadmap on ICT Tools for Governance and Policy Making, building ...
Metamorphic Virus: Analysis and Detection
Metamorphic viruses transform their code as they propagate, thus evading detection by static signature-based virus scanners, while keeping their functionality. They use code obfuscation techniques to challenge deeper static analysis and can also beat dynamic analyzers, such as emulators, by altering their behavior. To achieve this, metamorphic viruses use several metamorphic transformations, in...