Formal Specification of Malware Models in the Form of Colored Petri Nets

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 330)


We propose a formal modeling method of malicious software that support its detection and countermeasure. In order to detect malware there is a need to posses either digital signatures or behavioral models. As the obfuscation techniques makes the malware almost undetectable the classic signature-based anti-virus tools must be supported by behavioral analysis. A malware hunting tool we developed bases on the formal models in the form of Colored Petri nets and the attitude to modeling is presented in this article.


malware cyber attack Colored Petri net malware detection behavioral analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bereziński, P., Szpyrka, M., Jasiul, B., Mazur, M.: Network anomaly detection using parameterized entropy. In: Saeed, K., Snášel, V. (eds.) CISIM 2014. LNCS, vol. 8838, pp. 465–478. Springer, Heidelberg (2014)Google Scholar
  2. 2.
    Jasiul, B., Śliwa, J., Gleba, K., Szpyrka, M.: Identification of malware activities with rules. In: Proceedings of the Federated Conference on Computer Science and Information Systems, Warsaw, Poland (2014)Google Scholar
  3. 3.
    Jasiul, B., Szpyrka, M., Śliwa, J.: Malware behavior modeling with Colored Petri nets. In: Saeed, K., Snášel, V. (eds.) CISIM 2014. LNCS, vol. 8838, pp. 667–679. Springer, Heidelberg (2014)Google Scholar
  4. 4.
    Jensen, K.: Coloured Petri Nets. Basic Concepts, Analysis Methods and Practical Use, vol. 1-3. Springer, Berlin (1992-1997)Google Scholar
  5. 5.
    Jensen, K., Kristensen, L.: Coloured Petri Nets: Modelling and Validation of Concurrent Systems, 1st edn. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    KasperskyLab: The malware classification tree (2013),
  7. 7.
    Petri, C.A.: Communication with automata. Tech. rep., New York (1965); English translation of Kommunikation mit Automaten. PhD Dissertation, University of Bonn (1962)Google Scholar
  8. 8.
    Sikorski, M., Honig, A.: Practical Malware Analysis. The Hands-on Guide to Dissecting Malicious Software. No Starch Press, Inc., San Francisco (2012)Google Scholar
  9. 9.
    Sliwa, J., Gleba, K., Chmiel, W., Szwed, P., Glowacz, A.: IOEM - Ontology engineering methodology for large systems. In: Jędrzejowicz, P., Nguyen, N.T., Hoang, K. (eds.) ICCCI 2011, Part I. LNCS, vol. 6922, pp. 602–611. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Szpyrka, M.: Analysis of RTCP-nets with reachability graphs. Fundamenta Informaticae 74(2-3), 375–390 (2006)zbMATHMathSciNetGoogle Scholar
  11. 11.
    Szpyrka, M., Jasiul, B., Wrona, K., Dziedzic, F.: Telecommunications networks risk assessment with Bayesian networks. In: Saeed, K., Chaki, R., Cortesi, A., Wierzchoń, S. (eds.) CISIM 2013. LNCS, vol. 8104, pp. 277–288. Springer, Heidelberg (2013)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  1. 1.C4I Systems’ DepartmentMilitary Communication InstituteZegrzePoland
  2. 2.Department of Applied Computer ScienceAGH University of Science and TechnologyKrakówPoland

Personalised recommendations