
A New Approach to Malware Detection

  • Conference paper
Advances in Information Security and Assurance (ISA 2009)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5576)


Abstract

Malware has become one of the most serious threats to computer users. Early techniques based on syntactic signatures are easily bypassed by program obfuscation. A promising direction is to combine the Control Flow Graph (CFG) with instruction-level information. However, because previous work captures only coarse information, namely the classes of the instructions in each basic block, it produces false positives during detection. To address this issue, we propose a new approach that generates formalized expressions from the assignment statements within basic blocks. By combining the CFG with the functionality of each basic block, represented as its upper variables with their corresponding formalized expressions and its system calls (if any), our approach achieves more accurate malware detection than previous CFG-based solutions.
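To make the abstract's idea concrete, here is an added example (not the paper's code) that summarizes a basic block by the formalized expression of each register it writes, stated in terms of the registers' entry values (named eax0, ebx0, ...), together with the calls the block makes. The tiny instruction subset, the entry-value naming and the linear-form representation are assumptions for illustration; the paper's exact definition of "upper variables" is not given on this page.

```python
import re
# Constructed sample blocks (not the paper's): PLAIN and SUBSTITUTED differ in instruction
# classes but compute the same thing; DIFFERENT shares PLAIN's classes but not its function.
PLAIN = "mov eax, 0\nadd eax, ebx\ninc eax\ncall WriteFile"
SUBSTITUTED = "xor eax, eax\nsub eax, -1\nadd eax, ebx\ncall WriteFile"
DIFFERENT = "mov eax, ecx\nadd eax, ebx\ninc eax\ncall WriteFile"

def _lin(op, state):
    """Linear form {term: coeff} of an operand; key '' is the constant term."""
    if re.fullmatch(r"-?\d+", op):
        return {"": int(op)} if int(op) else {}
    return dict(state.get(op, {op + "0": 1}))  # entry value of an unwritten register

def _add(a, b, sign=1):
    """a + sign*b, dropping terms that cancel out."""
    out = dict(a)
    for k, c in b.items():
        out[k] = out.get(k, 0) + sign * c
        if out[k] == 0:
            del out[k]
    return out

def render(e):
    """Canonical text of a linear form: sorted terms, constant last, e.g. 'ebx0 + 1'."""
    parts = [k if c == 1 else f"{c}*{k}" for k, c in sorted(e.items()) if k]
    if "" in e:
        parts.append(str(e[""]))
    return " + ".join(parts) or "0"

def summarize(block):
    """Formalized expression per written register (in entry values) plus the calls made."""
    state, calls = {}, []
    for line in filter(str.strip, block.splitlines()):
        mnem, rest = re.match(r"\s*(\w+)\s*(.*)", line).groups()
        dst, *src = [a.strip() for a in rest.split(",")]
        if mnem == "call":
            calls.append(dst)
        elif mnem == "mov":
            state[dst] = _lin(src[0], state)
        elif mnem in ("add", "sub"):
            state[dst] = _add(_lin(dst, state), _lin(src[0], state), 1 if mnem == "add" else -1)
        elif mnem in ("inc", "dec"):
            state[dst] = _add(_lin(dst, state), {"": 1}, 1 if mnem == "inc" else -1)
        elif mnem == "xor":  # xor r, r is the classic substitution for mov r, 0
            a, b = _lin(dst, state), _lin(src[0], state)
            state[dst] = {} if a == b else {f"({render(a)} ^ {render(b)})": 1}
        else:
            raise ValueError(f"unsupported instruction: {line.strip()}")
    return {r: render(e) for r, e in state.items()}, calls
```

A class-level comparison sees mov/add/inc/call in both PLAIN and DIFFERENT and would pair them, while the expression summaries pair PLAIN with SUBSTITUTED instead.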

This work is supported in part by the National Sciences and Engineering Research Council of Canada under the Discovery Grants (Individual) program.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg


Cite this paper

Tang, H., Zhu, B., Ren, K. (2009). A New Approach to Malware Detection. In: Park, J.H., Chen, H.H., Atiquzzaman, M., Lee, C., Kim, T.H., Yeo, S.S. (eds) Advances in Information Security and Assurance. ISA 2009. Lecture Notes in Computer Science, vol 5576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02617-1_24


  • DOI: https://doi.org/10.1007/978-3-642-02617-1_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02616-4

  • Online ISBN: 978-3-642-02617-1

  • eBook Packages: Computer Science (R0)
