Malware Normalization

Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, Helmut Veith

November 22, 2005
Mihai Christodorescu
Doctoral Candidate
1210 W Dayton St
Office 7372
Madison, WI 53706-1685
Curriculum vitæ: online PDF US letter (or A4)
Telephone: +1 608 262-6625
Fax: +1 608 262-9777
Website: http://www.cs.wisc.edu/~mihai/
Email: mihai@cs.wisc.edu
ICQ: 3954659
AIM: yodMihai
Yahoo! IM: warkda
Skype: warkdarrior
Google Chat/XMPP: mihaic@gmail.com

This paper was published as Technical Report # 1539 at the Department of Computer Sciences, University of Wisconsin, Madison.

Mihai Christodorescu, while working as a research assistant on the WiSA project, was supported in part by the Office of Naval Research (ONR) under contracts N00014-01-1-0796 and N00014-01-1-0708.

Abstract

Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In order to evade detection by malware detectors, malware writers use various obfuscation techniques to transform their malware. There is strong evidence that commercial malware detectors are susceptible to these evasion tactics.

In this paper, we describe the design and implementation of a malware transformer that reverses the obfuscations performed by a malware writer. Our experimental evaluation demonstrates that this malware transformer can drastically improve detection rates of commercial malware detectors. Moreover, a malware transformer can also ease the task of forensic analysis.

Copyright © 1998-2005 Mihai Christodorescu. All rights reserved.
Maintained by Mihai Christodorescu (http://www.cs.wisc.edu/~mihai).
Created: Tue Jan 10 22:32:31 2006
Last modified: Sat Sep 30 10:55:08 CDT 2006