THE FOURTH INTERNATIONAL CONFERENCE ON FORENSIC COMPUTER SCIENCE - ICoFCS 2009 

Online ISBN: 978-85-65069-03-8, Print ISSN: 1980-1114, pp 7-14

DOI: 10.5769/C2009001 and http://dx.doi.org/10.5769/C2009001


Automated Malware Invariant Generation

By Rachid Rebiha and Arnaldo Moura


ABSTRACT

Nowadays, any social infrastructure relies on computer security and privacy: malicious intent toward a computer is a threat to society. Our project aims to design and develop a powerful binary analysis framework based on formal methods and to employ the platform to provide automatic in-depth malware analysis. We propose a new method to detect and identify malware by automatically generating invariants directly from the specified malware code and using them as semantic-aware signatures that we call malware-invariants. We also propose a host-based intrusion detection system using an automatically generated model in which system calls are guarded by pre-computed invariants in order to report any deviation observed during the execution of the application. Our methods also provide techniques for the detection of logic bugs and vulnerabilities in the application. Current malware detectors are “signature-based”, but it is well known that malware writers use obfuscation to evade current detectors easily. We propose automatic semantic-aware detection, identification and model extraction methods, thereby circumventing difficulties met by recent approaches.

KEYWORDS

Formal Methods, Security, Forensic Computer Science, Static and Dynamic Binary Analysis, Malware/Intrusion/Vulnerability Detection, Identification and Containment.