The Grand Challenge in Metamorphic Analysis

  • Conference paper
Information Systems, Technology and Management (ICISTM 2012)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 285)

Abstract

Malware detection is a crucial aspect of software security. Malware typically resorts to a variety of disguise and concealment techniques in order to avoid detection. Metamorphism is the ability of a program to mutate its form while keeping its functionality unchanged and therefore, in the case of malware, its danger. A major challenge in this field is the development of general automatic and systematic detection techniques that are able to catch the possible variants of a metamorphic malware. We take the position that the key to handling metamorphism lies in a deeper understanding of the semantics of the metamorphic malware. By applying standard formal methods we aim to prove that metamorphic analysis is a special case of program analysis, where the object of computation is code interpreted as a mutational data structure.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dalla Preda, M. (2012). The Grand Challenge in Metamorphic Analysis. In: Dua, S., Gangopadhyay, A., Thulasiraman, P., Straccia, U., Shepherd, M., Stein, B. (eds) Information Systems, Technology and Management. ICISTM 2012. Communications in Computer and Information Science, vol 285. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29166-1_42

  • DOI: https://doi.org/10.1007/978-3-642-29166-1_42

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29165-4

  • Online ISBN: 978-3-642-29166-1

  • eBook Packages: Computer Science, Computer Science (R0)
