Paper Appeared at ISSTA 2004

Posted 22 June 2004

The paper "Testing Malware Detectors" appeared at the International Symposium on Software Testing and Analysis in Boston, Massachusetts, on July 12, 2004. Mihai Christodorescu and Somesh Jha co-authored the paper. Mihai presented the paper at the conference.

In today's interconnected world, malware, such as worms and viruses, can cause havoc. A malware detector (commonly known as a virus scanner) attempts to identify malware. In spite of the importance of malware detectors, there is a dearth of testing techniques for evaluating them. We presented a technique based on program obfuscation for generating tests for malware detectors. Our technique is geared towards evaluating the resilience of malware detectors to various obfuscation transformations commonly used by hackers to disguise malware. We also demonstrated that a hacker can leverage a malware detector's weakness in handling obfuscation transformations to extract the signature used by a detector for a specific malware. We evaluated three widely used commercial virus scanners using our techniques and discovered that the resilience of these scanners to various obfuscations is very poor.

The paper is available online: [Abstract] [pdf] [ps]




This page updated October 18, 2005.