Static Analyzer of Vicious Executables (SAVE)
- 6 April 2005
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 326-334
- https://doi.org/10.1109/csac.2004.37
Abstract
Software security assurance and malware (trojans, worms, and viruses, etc.) detection are important topics of information security. Software obfuscation, a general technique that is useful for protecting software from reverse engineering, can also be used by hackers to circumvent the malware detection tools. Current static malware detection techniques have serious limitations, and sandbox testing also fails to provide a complete solution due to time constraints. In this paper, we present a robust signature-based malware detection technique, with emphasis on detecting obfuscated (or polymorphic) malware and mutated (or metamorphic) malware. The hypothesis is that all versions of the same malware share a common core signature that is a combination of several features of the code. After a particular malware has been first identified, it can be analyzed to extract the signature, which provides a basis for detecting variants and mutants of the same malware in the future. Encouraging experimental results on a large set of recent malware are presented.Keywords
This publication has 5 references indexed in Scilit:
- A taxonomy of computer wormsPublished by Association for Computing Machinery (ACM) ,2003
- Static analysis of binary code to isolate malicious behaviorsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- Watermarking, tamper-proofing, and obfuscation - tools for software protectionIEEE Transactions on Software Engineering, 2002
- Activity Pattern Analysis by Means of Sequence-Alignment MethodsEnvironment and Planning A: Economy and Space, 1998
- Computer virusesComputers & Security, 1987