Malware Detection Paper Appeared at Oakland 2005

Posted 13 May 2005

The paper Semantics-Aware Malware Detection by Mihai Christodorescu, Somesh Jha, Sanjit A. Seshia, Dawn Song, and Randal E. Bryant appeared at the 2005 IEEE Symposium on Security and Privacy. The conference was held May 8–11 in Oakland, California. Mihai presented the paper at the conference.

A malware detector is a system that attempts to determine whether a program has malicious intent. To evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are susceptible to these obfuscations. The fundamental deficiency in the pattern-matching approach to malware detection is that it is purely syntactic and ignores the semantics of instructions. In this paper, the authors presented a malware-detection algorithm that addressed this deficiency by incorporating instruction semantics to detect malicious program traits. Experimental evaluation demonstrated that their malware-detection algorithm detected variants of malware with a relatively low run-time overhead. Moreover, their semantics-aware malware-detection algorithm was resilient to common obfuscations used by hackers.
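The contrast between syntactic and semantic matching can be seen on a toy scale in the sketch below. It is an added illustration, not code from the paper and not the authors' algorithm: the instruction format, the sample sequences and all function names are constructed assumptions, and the check compares only the memory writes of straight-line code.

```python
# Toy straight-line IR (constructed for illustration); operands are register
# names (str) or 32-bit constants (int). Not the paper's algorithm.

def syntactic_match(program, signature):
    """Pattern matching: the signature must appear as a contiguous run."""
    n = len(signature)
    return any(program[i:i + n] == signature
               for i in range(len(program) - n + 1))

def memory_effects(program):
    """Symbolically execute the program and return its ordered memory writes."""
    regs, inputs, writes = {}, {}, []

    def val(x):
        if isinstance(x, int):
            return x
        if x not in regs:  # read before any write: an input, named by order of use
            regs[x] = inputs.setdefault(x, f"in{len(inputs)}")
        return regs[x]

    def add(a, b):
        if isinstance(a, int) and isinstance(b, int):
            return (a + b) & 0xFFFFFFFF  # constant folding
        return ("add", a, b)             # keep a symbolic expression

    for ins in program:
        op = ins[0]
        if op == "mov":
            regs[ins[1]] = val(ins[2])
        elif op == "add":
            regs[ins[1]] = add(val(ins[1]), val(ins[2]))
        elif op == "store":              # store [addr_reg], src
            writes.append((val(ins[1]), val(ins[2])))
        elif op != "nop":
            raise ValueError(f"unknown instruction: {ins!r}")
    return writes

def semantic_match(program, template):
    """Same observable memory writes, regardless of how they are computed."""
    return memory_effects(program) == memory_effects(template)

# Constructed samples: VARIANT differs from TEMPLATE in registers and
# instruction sequence but writes the same value; OTHER writes a different one.
TEMPLATE = [("mov", "eax", 0x10), ("add", "eax", 0x4), ("store", "ebx", "eax")]
VARIANT = [("mov", "ecx", 0x8), ("nop",), ("add", "ecx", 0x8),
           ("mov", "edx", "ecx"), ("add", "edx", 0x4), ("store", "esi", "edx")]
OTHER = [("mov", "eax", 0x10), ("store", "ebx", "eax")]
```

The syntactic matcher recognises only the exact template sequence, while the semantic comparison also recognises the variant and still rejects the sequence with a different effect.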

The paper is available online: [Abstract] [pdf] [ps]


This page updated October 18, 2005.