THE FOURTH INTERNATIONAL CONFERENCE ON FORENSIC COMPUTER SCIENCE - ICoFCS 2009
Online ISBN: 978-85-65069-03-8, Print ISSN: 1980-1114, pp 7-14
DOI: 10.5769/C2009001 and http://dx.doi.org/10.5769/C2009001
Automated Malware Invariant Generation
By Rachid Rebiha, and Arnaldo Moura
Today, every social infrastructure relies on computer security and privacy: malicious intent directed at a computer is a threat to society. Our project aims to design and develop a powerful binary analysis framework based on formal methods, and to employ this platform to provide automatic, in-depth malware analysis. We propose a new method to detect and identify malware by automatically generating invariants directly from the specified malware code and using them as semantics-aware signatures that we call malware-invariants. We also propose a host-based intrusion detection system that uses an automatically generated model in which system calls are guarded by pre-computed invariants, in order to report any deviation observed during the execution of the application. Our methods also provide techniques for the detection of logic bugs and vulnerabilities in the application. Current malware detectors are "signature-based", but it is well known that malware writers use obfuscation to evade such detectors easily. We propose automatic semantics-aware detection, identification and model extraction methods, thereby circumventing difficulties met by recent approaches.
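The abstract describes a host-based intrusion detection model in which each system-call site is guarded by a pre-computed invariant and any deviation observed at run time is reported. The following toy monitor, added here as an illustration and not code from the paper or its authors, shows the shape of that idea: guards are hand-written relations over a few program variables (the paper does not say how its invariants are computed, so these are assumptions), trace events and the syscall-site names are constructed, and the checker returns one report per deviation.

```python
"""Toy illustration of guarding system-call sites with pre-computed invariants.

Constructed example: every site_id, syscall name, variable name and guard
below is made up for this demonstration; the monitor logic is the point.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

State = Dict[str, int]
Event = Tuple[str, str, State]  # (site_id, observed syscall name, program state at the site)


@dataclass(frozen=True)
class Guard:
    syscall: str                        # syscall the model expects at this site
    invariant: Callable[[State], bool]  # relation that must hold over the program state
    description: str                    # human-readable form for reports


# Assumed pre-computed guards for three call sites of a hypothetical program.
GUARDS: Dict[str, Guard] = {
    "site_read": Guard("read", lambda s: 0 <= s["n"] <= s["cap"], "0 <= n <= cap"),
    "site_write": Guard("write", lambda s: s["off"] + s["len"] <= s["size"], "off + len <= size"),
    "site_exec": Guard("execve", lambda s: s["uid"] != 0, "uid != 0"),
}


def check_trace(trace: List[Event]) -> List[str]:
    """Evaluate each event against its site's guard; return one line per deviation.

    An empty list means the whole trace conforms to the model.
    """
    reports: List[str] = []
    for site, syscall, state in trace:
        guard = GUARDS.get(site)
        if guard is None:
            reports.append(f"{site}: unknown syscall site (observed {syscall})")
            continue
        if syscall != guard.syscall:
            reports.append(f"{site}: expected {guard.syscall}, observed {syscall}")
            continue
        try:
            holds = guard.invariant(state)
        except KeyError as missing:
            reports.append(f"{site}: state missing variable {missing}")
            continue
        if not holds:
            reports.append(f"{site}: invariant violated: {guard.description} with {state}")
    return reports


# Constructed traces: one that conforms to the model and one that deviates at every step.
BENIGN_TRACE: List[Event] = [
    ("site_read", "read", {"n": 64, "cap": 128}),
    ("site_write", "write", {"off": 0, "len": 64, "size": 128}),
    ("site_exec", "execve", {"uid": 1000}),
]

DEVIANT_TRACE: List[Event] = [
    ("site_read", "read", {"n": 300, "cap": 128}),              # n exceeds cap
    ("site_write", "write", {"off": 100, "len": 64, "size": 128}),  # off + len > size
    ("site_exec", "execve", {"uid": 0}),                        # uid is 0
    ("site_exec", "open", {"uid": 1000}),                       # wrong syscall at the site
]

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN_TRACE), ("deviant", DEVIANT_TRACE)):
        print(f"{name}: {len(check_trace(trace))} deviation(s)")
        for line in check_trace(trace):
            print("  " + line)
```

The checker distinguishes three kinds of deviation a practitioner would want reported separately: an unexpected syscall at a known site, a state that lacks a variable the guard needs (a sign the model and the binary are out of sync), and an invariant that evaluates to false.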
Keywords: Formal Methods, Security, Forensic Computer Science, Static and Dynamic Binary Analysis, Malware/Intrusion/Vulnerability Detection, Identification and Containment.