Unveiling metamorphism by abstract interpretation of code properties

نویسندگان

  • Mila Dalla Preda
  • Roberto Giacobazzi
  • Saumya K. Debray
چکیده

a r t i c l e i n f o a b s t r a c t Abstract interpretation Program semantics Metamorphic malware detection Self-modifying programs Metamorphic code includes self-modifying semantics-preserving transformations to exploit code diversification. The impact of metamorphism is growing in security and code protection technologies, both for preventing malicious host attacks, e.g., in software diversification for IP and integrity protection, and in malicious software attacks, e.g., in metamorphic malware self-modifying their own code in order to foil detection systems based on signature matching. In this paper we consider the problem of automatically extracting metamorphic signatures from metamorphic code. We introduce a semantics for self-modifying code, later called phase semantics, and prove its correctness by showing that it is an abstract interpretation of the standard trace semantics. Phase semantics precisely models the metamorphic code behavior by providing a set of traces of programs which correspond to the possible evolutions of the metamorphic code during execution. We show that metamorphic signatures can be automatically extracted by abstract interpretation of the phase semantics. In particular, we introduce the notion of regular metamorphism, where the invariants of the phase semantics can be modeled as finite state automata representing the code structure of all possible metamorphic change of a metamorphic code, and we provide a static signature extraction algorithm for metamorphic code where metamorphic signatures are approximated in regular metamorphism.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Modelling Metamorphism by Abstract Interpretation

Metamorphic malware apply semantics-preserving transformations to their own code in order to foil detection systems based on signature matching. In this paper we consider the problem of automatically extract metamorphic signatures from these malware. We introduce a semantics for self-modifying code, later called phase semantics, and prove its correctness by showing that it is an abstract interp...

متن کامل

Analysis of disassembled executable codes by abstract interpretation

The aim of this paper is to dene the abstract domain, abstract operator, abstract semantic, the environments and states of disassembled executable codes as well as a way to analysis the disassembled executable codes. Nowadays, static analysis on disassembled code going to grow. Reverse engineering and malware analysis use this technique. Thus, we tried to perform pluralization the requirements ...

متن کامل

Semantic-Based Code Obfuscation by Abstract Interpretation

Interpretation Mila Dalla Preda and Roberto Giacobazzi Dipartimento di Informatica, Università di Verona Strada Le Grazie 15, 37134 Verona (Italy) [email protected] | [email protected] Abstract. In this paper we introduce a semantic-based approach for code obfuscation. The aim of code obfuscation is to prevent malicious users to disclose properties of the original source program. ...

متن کامل

Automatic Construction of Hoare Proofs from Abstract Interpretation Results

Interpretation Results Sunae Seo, Hongseok Yang, and Kwangkeun Yi 1 Department of Computer Science, Korea Advanced Institute of Science and Technology [email protected] 2 MICROS Research Center, Korea Advanced Institute of Science and Technology [email protected] 3 School of Computer Science and Engineering, Seoul National University [email protected] Abstract. By combining program lo...

متن کامل

Extracting Hybrid Automata from Control Code

Formal methods—and abstract interpretation in particular— can assist in the development of correct control code. However, current approaches to deploying formal methods do not always match the way practicing engineers develop real control code. Engineers tend to think in code first—not formal models. Standard practice is for engineers to develop their control code and then build a model like a ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • Theor. Comput. Sci.

دوره 577  شماره 

صفحات  -

تاریخ انتشار 2015