Abstract
Computer viruses and worms are major threats to our computer infrastructure, and thus to the economy and society at large. Recent work has demonstrated that a model checking based approach to malware detection can capture the semantics of security exploits more accurately than traditional approaches and consequently achieve higher detection rates. In this approach, malicious behavior is formalized using the expressive specification language CTPL, an extension of classic CTL. This paper gives an overview of our toolchain for malware detection and presents our new system for computer assisted generation of malicious code specifications.
© 2007 Springer-Verlag Berlin Heidelberg
Holzer, A., Kinder, J., Veith, H. (2007). Using Verification Technology to Specify and Detect Malware. In: Moreno Díaz, R., Pichler, F., Quesada Arencibia, A. (eds) Computer Aided Systems Theory – EUROCAST 2007. EUROCAST 2007. Lecture Notes in Computer Science, vol 4739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75867-9_63
DOI: https://doi.org/10.1007/978-3-540-75867-9_63
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75866-2
Online ISBN: 978-3-540-75867-9
eBook Packages: Computer Science (R0)