Semantics-Aware Malware Detection
A malware detector is a system that attempts to determine whether a
program has malicious intent. In order to evade detection, malware
writers (hackers) frequently use obfuscation to morph malware. Malware
detectors that use a pattern-matching approach (such as commercial
virus scanners) are susceptible to obfuscations used by hackers. The
fundamental deficiency in the pattern-matching approach to malware
detection is that it is purely syntactic and ignores the semantics of
instructions. In this paper, we present a malware-detection algorithm
that addresses this deficiency by incorporating instruction semantics
to detect malicious program traits. Experimental evaluation
demonstrates that our malware-detection algorithm can detect variants
of malware with a relatively low run-time overhead. Moreover, our
semantics-aware malware detection algorithm is resilient to common
obfuscations used by hackers.
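As an added illustration of the deficiency the abstract describes (this is not code from the paper or its authors), the toy Python below contrasts an exact syntactic signature with a simplified template match over instruction effects; the instruction listings, the `$`-register-variable notation and the no-op rules are constructed assumptions, not the paper's algorithm.

```python
# Added illustration, not the paper's implementation: a constructed toy
# instruction listing shows why an exact syntactic signature misses an
# obfuscated variant while a template over instruction effects still matches.

def is_semantic_nop(ins):
    """Instructions that change no state: nop, or a mov of a register to itself."""
    return ins[0] == "nop" or (ins[0] == "mov" and len(ins) == 3 and ins[1] == ins[2])

def syntactic_match(program, signature):
    """Pattern-matching detector: exact, contiguous mnemonic/operand match."""
    n = len(signature)
    return any(list(program[i:i + n]) == list(signature) for i in range(len(program) - n + 1))

def _unify(pat, op, binding):
    """Match one operand. '$X' is a register variable that must bind consistently;
    '[...]' is a memory operand whose inner operand is unified recursively."""
    if pat.startswith("[") and pat.endswith("]"):
        return op.startswith("[") and op.endswith("]") and _unify(pat[1:-1], op[1:-1], binding)
    if pat.startswith("$"):
        if pat in binding:
            return binding[pat] == op
        binding[pat] = op
        return True
    return pat == op

def _match_from(program, start, template):
    binding, t = {}, 0
    for ins in program[start:]:
        if t == len(template):
            break
        if is_semantic_nop(ins):
            continue  # junk-instruction insertion does not break the match
        want = template[t]
        if ins[0] != want[0] or len(ins) != len(want):
            return False
        if not all(_unify(p, o, binding) for p, o in zip(want[1:], ins[1:])):
            return False
        t += 1
    return t == len(template)

def semantic_match(program, template):
    """Semantics-aware detector: template match modulo register renaming and
    semantic no-ops (a simplified stand-in for the paper's template matching)."""
    return any(_match_from(program, i, template) for i in range(len(program)))

# Constructed toy fragments: a decryption-loop body, an obfuscated variant
# (renamed registers, inserted no-ops) and a benign look-alike.
TEMPLATE = [("mov", "$A", "key"), ("xor", "[$B]", "$A"), ("inc", "$B")]
ORIGINAL = [("mov", "eax", "key"), ("xor", "[esi]", "eax"), ("inc", "esi")]
OBFUSCATED = [("mov", "ecx", "key"), ("nop",), ("mov", "ecx", "ecx"),
              ("xor", "[edi]", "ecx"), ("nop",), ("inc", "edi")]
BENIGN = [("mov", "eax", "key"), ("xor", "[esi]", "ebx"), ("inc", "esi")]
```

The syntactic signature `ORIGINAL` matches only itself, while `TEMPLATE` matches both the original and the obfuscated variant and still rejects `BENIGN`, whose register use is inconsistent with the template.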
Download: [PS, PDF]
Somesh Jha
Last modified: Thu Mar 23 13:50:34 CST 2006