Semantics-aware malware detection

Citation data:

Proceedings - IEEE Symposium on Security and Privacy, ISSN: 1081-6011, Page: 32-46

Publication Year:
2005
Repository URL:
http://repository.cmu.edu/ece/14
DOI:
10.1109/sp.2005.20
Author(s):
Christodorescu, Mihai; Jha, Somesh; Seshia, Sanjit A; Song, Dawn; Bryant, Randal E
Publisher(s):
Institute of Electrical and Electronics Engineers (IEEE); IEEE
Tags:
Engineering; Electrical and Computer Engineering
Description (conference paper):
A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are susceptible to obfuscations used by hackers. The fundamental deficiency in the pattern-matching approach to malware detection is that it is purely syntactic and ignores the semantics of instructions. In this paper, we present a malware-detection algorithm that addresses this deficiency by incorporating instruction semantics to detect malicious program traits. Experimental evaluation demonstrates that our malware-detection algorithm can detect variants of malware with a relatively low run-time overhead. Moreover, our semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers. © 2005 IEEE.