• DocumentCode
    1592285
  • Title

    Morphological detection of malware

  • Author

    Bonfante, Guillaume ; Kaczmarek, Matthieu ; Marion, Jean-Yves

  • Author_Institution
    INPL, Nancy-Univ., Vandoeuvre-les-Nancy
  • fYear
    2008
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    In the field of malware detection, methods based on syntactical considerations are usually efficient. However, they are strongly vulnerable to obfuscation techniques. This study proposes an efficient construction of a morphological malware detector based on a syntactic and a semantic analysis, technically on control flow graphs of programs (CFG). Our construction employs tree automata techniques to provide an efficient representation of the CFG database. Next, we deal with classic obfuscation of programs by mutation using a generic graph rewriting engine. Finally, we carry out experiments to evaluate the false-positive ratio of the proposed methods.
  • Keywords
    invasive software; CFG database; false-positive ratio; generic graph rewriting engine; malware detection; morphological detection; obfuscation techniques; tree automata techniques; Automata; Automatic control; Databases; Detectors; Engines; Flow graphs; Genetic mutations; Shape control; Tree graphs; Viruses (medical);
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Malicious and Unwanted Software, 2008. MALWARE 2008. 3rd International Conference on
  • Conference_Location
    Fairfax, VI
  • Print_ISBN
    978-1-4244-3288-2
  • Electronic_ISBN
    978-1-4244-3289-9
  • Type

    conf

  • DOI
    10.1109/MALWARE.2008.4690851
  • Filename
    4690851