Detection of metamorphic and virtualization-based malware using algebraic specification

Authors: Matt Webster, Grant Malcolm

Affiliation: (1) Department of Computer Science, University of Liverpool, Liverpool, L69 3BX, UK

Abstract: We present an overview of the latest developments in the detection of metamorphic and virtualization-based malware using an algebraic specification of the Intel 64 assembly programming language. After giving an overview of related work, we describe the development of a specification of a subset of the Intel 64 instruction set in Maude, an advanced formal algebraic specification tool. We develop the technique of metamorphic malware detection based on equivalence-in-context so that it is applicable to imperative programming languages in general, and we give two detailed examples of how this might be used in a practical setting to detect metamorphic malware. We discuss the application of these techniques within anti-virus software, and give a proof-of-concept system for defeating detection counter-measures used by virtualization-based malware, which is based on our Maude specification of Intel 64. Finally, we compare formal and informal approaches to malware detection, and give some directions for future research.