Static Detection of Malicious Code in Executable Programs

Authors

  • J. Desharnais
  • M. M. Erhioui
  • Y. Lavoie
  • N. Tawbi
Abstract

In this paper, we propose a new approach for the static detection of malicious code in executable programs. Our approach rests on a semantic analysis based on behaviour that even makes possible the detection of unknown malicious code. This analysis is carried out directly on binary code. Static analysis offers techniques for predicting properties of the behaviour of programs without running them. The static analysis of a binary executable is achieved in three major steps: construction of an intermediate representation, flow-based analysis that captures security-oriented program behaviour, and static verification of critical behaviours against security policies (model checking).


Similar resources

Static Analysis of Executables to Detect Malicious Patterns

Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malicious code writers attempt to obfuscate the malicious code to subvert the malicious code ...


Classifying Malicious Windows Executables Using Anomaly Based Detection

By Ronak Sutaria. A malicious executable is broadly defined as any program or piece of code designed to cause damage to a system or the information it contains, or to prevent the system from being used in a normal manner. A generic term used to describe any kind of malicious software is Malware, which includes Viruses, Worms...


Hauptseminar: Security - Zwischen formalen Methoden und Praxis Malicious code detection

In any defense mechanism, malicious code detection is a crucial component. To subvert malicious code detectors, e.g. anti-virus software, malicious code writers try to subvert these detectors by obfuscating the malicious code. As testing results surprisingly showed, commercial virus scanners were not able to detect infected binaries which were transformed by applying simple obfuscation technique...


Mac Malware Detection via Static File Structure Analysis

It is widely acknowledged in the security community that the current signature-based approach to virus detection is no longer adequate. More recently, antivirus software has been doing dynamic malicious behavior detection. While this is more effective, it is computationally expensive, so they cannot do very much of it or the performance of the user’s computer will suffer. Static executable anal...


Using Fuzzy Pattern Recognition to Detect Unknown Malicious Executables Code

An intelligent detection system to recognize unknown computer viruses is proposed. Using a method based on a fuzzy pattern recognition algorithm, a malicious executable code detection network model is also designed. This model targets Win32 binary viruses on Intel IA32 architectures. It could detect known and unknown malicious code by analyzing their behavior. We gathered 423 benign and 209 mali...



Publication date: 2000