Malware detection is a crucial aspect of software security. A malware detector is a system that attempts to determine whether a program has malicious intent. Current malware detectors work by checking for signatures, which attempt to capture the syntactic characteristics of the machine-level byte sequence of the malware. This syntactic approach makes current detectors vulnerable to code obfuscations, increasingly used by malware writers, which alter the syntactic properties of the malware byte sequence without significantly affecting its execution behavior. This paper derives from the idea that the key to malware identification lies in its syntactic as well as semantic features. It explains an approach using control flow graphs (CFG) for malware detectors. We present an architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations. © 2010 ACM.
Anju, S. S., Harmya, P., Jagadeesh, N., and Darsana, R., "Malware detection using assembly code and control flow graph optimization", in Proceedings of the 1st Amrita ACM-W Celebration of Women in Computing in India (A2CWiC'10), Coimbatore, 2010.