
Using Verification Technology to Specify and Detect Malware

  • Conference paper
Computer Aided Systems Theory – EUROCAST 2007 (EUROCAST 2007)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4739)

Abstract

Computer viruses and worms are major threats to our computer infrastructure, and thus to the economy and society at large. Recent work has demonstrated that a model-checking-based approach to malware detection can capture the semantics of security exploits more accurately than traditional approaches, and consequently achieves higher detection rates. In this approach, malicious behavior is formalized using the expressive specification language CTPL, which is based on classic CTL. This paper gives an overview of our toolchain for malware detection and presents our new system for computer-assisted generation of malicious code specifications.




Editor information

Editors: Roberto Moreno Díaz, Franz Pichler, Alexis Quesada Arencibia


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Holzer, A., Kinder, J., Veith, H. (2007). Using Verification Technology to Specify and Detect Malware. In: Moreno Díaz, R., Pichler, F., Quesada Arencibia, A. (eds) Computer Aided Systems Theory – EUROCAST 2007. EUROCAST 2007. Lecture Notes in Computer Science, vol 4739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75867-9_63

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-75867-9_63

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75866-2

  • Online ISBN: 978-3-540-75867-9

  • eBook Packages: Computer Science (R0)
