Publication Type : Conference Paper
Publisher : A2CWiC'10
Source : Proceedings of the 1st Amrita ACM-W Celebration of Women in Computing in India, A2CWiC'10, Coimbatore (2010)
Keywords : Assembly code, Code obfuscation, Codes (symbols), Computer crime, Control flow graphs, Current detector, Data flow analysis, detection, Detectors, Executables, Graphic methods, Machine level, malware, Malware detection, Malwares, Network security, Optimization, Semantic features, Software security, Syntactic approach, Syntactic properties, Syntactics
Year : 2010
Abstract : Malware detection is a crucial aspect of software security. A malware detector is a system that attempts to determine whether a program has malicious intent. Current malware detectors work by checking for signatures, which attempt to capture the syntactic characteristics of the machine-level byte sequence of the malware. This syntactic approach makes current detectors vulnerable to code obfuscations, increasingly used by malware writers, that alter the syntactic properties of the malware byte sequence without significantly affecting its execution behavior. This paper derives from the idea that the key to malware identification lies in its syntactic as well as semantic features. It explains an approach that uses control flow graphs (CFG) in malware detectors. We present an architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations. © 2010 ACM.
Cite this Research Publication : S. S. Anju, Harmya, P., Jagadeesh, N., and Darsana, R., “Malware detection using assembly code and control flow graph optimization”, in Proceedings of the 1st Amrita ACM-W Celebration of Women in Computing in India, A2CWiC'10, Coimbatore, 2010.