Malware Detection Paper Appeared at Oakland 2005
Posted 13 May 2005
The paper Semantics-Aware Malware Detection by Mihai
Christodorescu (pictured at far left), Somesh Jha (pictured at
left), Sanjit A. Seshia, Dawn Song, and Randal E. Bryant appeared
at the 2005 IEEE Symposium on Security and Privacy. The conference
was held May 8–11 in Oakland, California. Mihai presented the
paper at the conference.
A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are susceptible to obfuscations used by hackers. The fundamental deficiency in the pattern-matching approach to malware detection is that it is purely syntactic and ignores the semantics of instructions. In this paper, the authors presented a malware-detection algorithm that addressed this deficiency by incorporating instruction semantics to detect malicious program traits. Experimental evaluation demonstrated that their malware-detection algorithm detected variants of malware with a relatively low run-time overhead. Moreover, their semantics-aware malware detection algorithm was resilient to common obfuscations used by hackers.
