Malware Analysis with Tree Automata Inference

Abstract. The underground malware-based economy is flourishing and it is evident that the classical ad-hoc signature detection methods are becoming insufficient. Malware authors seem to share some source code and malware samples often feature similar behaviors, but such commonalities are difficult to detect with signature-based methods because of an increasing use of numerous freely available randomized obfuscation tools. To address this problem, the security community is actively researching behavioral detection methods that commonly attempt to understand and differentiate how malware behaves, as opposed to just detecting syntactic patterns. We continue that line of research in this paper and explore how formal methods and tools of the verification trade could be used for malware detection and analysis. We propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. In particular, we develop an algorithm for inferring k-testa...
Domagoj Babic, Daniel Reynaud, Dawn Song
Added 25 Aug 2011
Updated 25 Aug 2011
Type Journal
Year 2011
Where CAV
Authors Domagoj Babic, Daniel Reynaud, Dawn Song