Next generation malware will be characterized by the intense use of polymorphic and metamorphic techniques aimed at circumventing current malware detectors, which are based on pattern matching. To deal with this new kind of threat, novel techniques have to be devised for the realization of malware detectors. Recent papers have started to address this issue, and this paper is a further contribution to the field. More precisely, in this paper we propose a strategy for the detection of metamorphic malicious code inside a program P based on the comparison of the control flow graphs of P against the set of control flow graphs of known malware. We also provide experimental data supporting the validity of our strategy.
Detecting Self-Mutating Malware Using Control-Flow Graph Matching / D.M. Bruschi, L. Martignoni, M. Monga - In: Detection of intrusions and malware & vulnerability assessment : third international conference, DIMVA 2006, Berlin, Germany, July 13 - 14, 2006 ; proceedings / Roland Büschkes ... (eds.). - [s.l] : Springer-Verlag, Berlin Heidelberg, 2006 Jul. - ISBN 3-540-36014-X. - pp. 129-143 (conference: DIMVA, GI SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment ; 3, held in Berlin in 2006).
Detecting Self-Mutating Malware Using Control-Flow Graph Matching
D.M. Bruschi; L. Martignoni; M. Monga
2006