Abstract
Malware detection is a crucial aspect of software security. Malware typically resorts to a variety of disguise and concealment techniques in order to avoid detection. Metamorphism is the ability of a program to mutate its form while keeping its functionality, and therefore, in the case of malware, its danger, unchanged. A major challenge in this field is the development of general, automatic and systematic detection techniques able to catch all possible variants of a metamorphic malware. We take the position that the key to handling metamorphism lies in a deeper understanding of the semantics of the metamorphic malware. By applying standard formal methods we aim at proving that metamorphic analysis is a special case of program analysis, where the object of computation is code interpreted as a mutational data structure.
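The following is an added illustration of the point made in the abstract, not code from the paper: a toy metamorphic engine that rewrites a routine with semantics-preserving rules (code treated as data), beside a matcher that abstracts the program's effect on registers and so recognises every variant, where a byte-for-byte signature matches only the original. The three-register instruction set, the four rewrite rules, the "register plus constant" abstract domain and the two sample routines are assumptions of this example; the paper's own formalisation is more general.

```python
"""Added illustration (not the paper's code): a toy metamorphic engine
and a semantics-based matcher for the variants it produces.

Assumptions of this example: a three-register toy instruction set, four
hand-picked semantics-preserving rewrite rules, and a "register plus
constant" abstract domain. The paper's own formalisation is more general.
"""
import random
from typing import Dict, List, Optional, Tuple, Union

Instr = Tuple  # ('mov', dst, src) ('add', dst, src) ('inc', dst) ('xor', dst, src)
               # ('push', src) ('pop', dst) ('nop',); operands are register names or ints
Value = Optional[Union[int, Tuple[str, int]]]  # constant, (register, offset), or None = unknown
REGS = ('eax', 'ebx', 'ecx')

# --- the "mutational" side: semantics-preserving rewrites of code-as-data ---
def _rewrite(ins: Instr, rng: random.Random) -> List[Instr]:
    op = ins[0]
    if op == 'inc':                                   # inc r      <-> add r, 1
        return [('add', ins[1], 1)]
    if op == 'add' and ins[2] == 1:
        return [('inc', ins[1])]
    if op == 'xor' and ins[1] == ins[2]:              # xor r, r   <-> mov r, 0
        return [('mov', ins[1], 0)]
    if op == 'mov' and ins[2] == 0 and rng.random() < 0.5:
        return [('xor', ins[1], ins[1])]
    if op == 'mov' and rng.random() < 0.5:            # mov d, s   <-> push s; pop d
        return [('push', ins[2]), ('pop', ins[1])]
    return [ins]

def mutate(program: List[Instr], seed: int) -> List[Instr]:
    """One generation of the toy metamorphic engine (deterministic per seed)."""
    rng = random.Random(seed)
    out: List[Instr] = []
    i = 0
    while i < len(program):
        ins = program[i]
        nxt = program[i + 1] if i + 1 < len(program) else None
        if ins[0] == 'push' and nxt is not None and nxt[0] == 'pop' and rng.random() < 0.5:
            out.append(('mov', nxt[1], ins[1]))       # push s; pop d -> mov d, s
            i += 2
        else:
            out.extend(_rewrite(ins, rng))
            i += 1
        if rng.random() < 0.3:                        # junk insertion
            out.append(('nop',))
    return out

# --- the analysis side: abstract execution in the "register + constant" domain ---
def _add(a: Value, b: Value) -> Value:
    if a is None or b is None:
        return None
    if isinstance(a, int) and isinstance(b, int):
        return a + b
    if isinstance(a, tuple) and isinstance(b, int):
        return (a[0], a[1] + b)
    if isinstance(a, int) and isinstance(b, tuple):
        return (b[0], b[1] + a)
    return None                                       # reg + reg leaves the domain

def abstract_state(program: List[Instr]) -> Dict[str, Value]:
    """Final register state expressed as a function of the initial one."""
    state: Dict[str, Value] = {r: (r, 0) for r in REGS}
    stack: List[Value] = []
    val = lambda x: x if isinstance(x, int) else state[x]
    for ins in program:
        op = ins[0]
        if op == 'nop':
            continue
        if op == 'mov':
            state[ins[1]] = val(ins[2])
        elif op in ('add', 'inc'):
            state[ins[1]] = _add(state[ins[1]], 1 if op == 'inc' else val(ins[2]))
        elif op == 'xor':
            state[ins[1]] = 0 if ins[1] == ins[2] else None
        elif op == 'push':
            stack.append(val(ins[1]))
        elif op == 'pop':
            state[ins[1]] = stack.pop()
        else:
            raise ValueError(f'unknown opcode {op!r}')
    if stack:
        raise ValueError('unbalanced stack')
    return state

def syntactic_signature(program: List[Instr]) -> Tuple:
    return tuple(program)

def semantic_signature(program: List[Instr]) -> Tuple:
    return tuple(sorted(abstract_state(program).items()))

def detect(sample: List[Instr], reference: List[Instr]) -> Tuple[bool, bool]:
    """(syntactic match, semantic match) of sample against a reference malware."""
    return (syntactic_signature(sample) == syntactic_signature(reference),
            semantic_signature(sample) == semantic_signature(reference))

# Constructed inputs: a "malicious" routine and a benign one using the same opcodes.
MALWARE = [('mov', 'eax', 'ebx'), ('add', 'eax', 1), ('xor', 'ecx', 'ecx')]
BENIGN  = [('mov', 'eax', 'ecx'), ('add', 'eax', 1), ('xor', 'ecx', 'ecx')]

if __name__ == '__main__':
    variant = MALWARE
    for generation in range(3):
        variant = mutate(variant, seed=7)
    print('variant :', variant)
    print('malware variant matched (syntactic, semantic):', detect(variant, MALWARE))
    print('benign routine matched (syntactic, semantic):', detect(BENIGN, MALWARE))
```

Every generation of `mutate` changes the instruction sequence, so the syntactic signature of the original never matches a variant, while `abstract_state` maps all of them to the same final register state and still separates the benign routine, which differs in semantics rather than in opcodes. The domain is deliberately coarse: an operation it cannot express (adding two registers) yields the unknown value, the usual price of a sound abstraction.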
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Dalla Preda, M. (2012). The Grand Challenge in Metamorphic Analysis. In: Dua, S., Gangopadhyay, A., Thulasiraman, P., Straccia, U., Shepherd, M., Stein, B. (eds) Information Systems, Technology and Management. ICISTM 2012. Communications in Computer and Information Science, vol 285. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29166-1_42
DOI: https://doi.org/10.1007/978-3-642-29166-1_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29165-4
Online ISBN: 978-3-642-29166-1