Journal in Computer Virology

, Volume 3, Issue 4, pp 253–265

Software transformations to improve malware detection

  • Mihai Christodorescu
  • Somesh Jha
  • Johannes Kinder
  • Stefan Katzenbeisser
  • Helmut Veith
Original Paper

DOI: 10.1007/s11416-007-0059-8

Cite this article as:
Christodorescu, M., Jha, S., Kinder, J. et al. J Comput Virol (2007) 3: 253. doi:10.1007/s11416-007-0059-8

Abstract

Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In order to evade detection, malware writers use various obfuscation techniques to transform their malware. There is strong evidence that commercial malware detectors are susceptible to these evasion tactics. In this paper, we describe the design and implementation of a malware transformer that reverses the obfuscations performed by a malware writer. Our experimental evaluation demonstrates that this malware transformer can drastically improve the detection rates of commercial malware detectors.

Copyright information

© Springer-Verlag France 2007

Authors and Affiliations

  • Mihai Christodorescu
    • 1
  • Somesh Jha
    • 1
  • Johannes Kinder
    • 2
  • Stefan Katzenbeisser
    • 2
  • Helmut Veith
    • 2
  1. 1.University of WisconsinMadisonUSA
  2. 2.Technische Universität MünchenMunichGermany

Personalised recommendations