Sciweavers

SIGSOFT
2007
ACM

Mining specifications of malicious behavior

14 years 4 months ago
Mining specifications of malicious behavior
Malware detectors require a specification of malicious behavior. Typically, these specifications are manually constructed by investigating known malware. We present an automatic technique to overcome this laborious manual process. Our technique derives such a specification by comparing the execution behavior of a known malware against the execution behaviors of a set of benign programs. In other words, we mine the malicious behavior present in a known malware that is not present in a set of benign programs. The output of our algorithm can be used by malware detectors to detect malware variants. Since our algorithm provides a succinct description of malicious behavior present in a malware, it can also be used by security analysts for understanding the malware. We have implemented a prototype based on our algorithm and tested it on several malware programs. Experimental results obtained from our prototype indicate that our algorithm is effective in extracting malicious behaviors that ca...
Mihai Christodorescu, Somesh Jha, Christopher Krue
Added 20 Nov 2009
Updated 20 Nov 2009
Type Conference
Year 2007
Where SIGSOFT
Authors Mihai Christodorescu, Somesh Jha, Christopher Kruegel
Comments (0)