Paper Appeared in 12th USENIX Security Symposium

Posted 29 May 2003

The paper "Static analysis of executables to detect malicious patterns" by project members Mihai Christodorescu and Somesh Jha appeared in the 12th USENIX Security Symposium. This year's annual symposium was held in Washington, DC, in August 2003. Mihai presented the paper at the conference.

Christodorescu and Jha's paper first explained how virus writers can easily defeat current commercial virus scanners. Trivial code manipulations allow old viruses to reemerge as undetected threats. Moreover, these viruses may continually modify their code in the wild, preventing the commercial signature-based detection schemes from ever staying current.

The two authors then demonstrated that deep static analysis of infected binary programs can detect the presence of malicious code, even if the code has been manipulated. Detection is no longer bound to a static signature and can identify virus code even after certain code obfuscations have occurred.

The paper is available online: [Abstract] [pdf] [html]


This page updated October 18, 2005.