Abstract:
A malware detector is a system that attempts to determine whether
a program has malicious intent. To evade detection, malware
writers routinely obfuscate their code to produce new variants of
the same malware. Detectors that rely on pattern matching (such as
commercial virus scanners) are defeated by these obfuscations.
The fundamental deficiency of the pattern-matching approach is
that it is purely syntactic: it matches instruction bytes or
instruction sequences and ignores what the instructions actually
compute. In this paper, we present a malware-detection algorithm
that addresses this deficiency by incorporating instruction
semantics to detect malicious program traits. Experimental
evaluation demonstrates that the algorithm detects variants of
malware with relatively low run-time overhead. Moreover, the
semantics-aware algorithm is resilient to the obfuscations malware
writers commonly use.
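The syntactic-versus-semantic distinction drawn above, as an added illustration that is not the paper's own code, templates or algorithm: a toy x86-like mini-ISA (mov, xor, add, sub, nop), a text signature standing in for a scanner's byte pattern, and a small symbolic evaluator that checks a "decrypt step" template with free variables (some pointer P and some nonzero key K such that mem[P] := mem[P] XOR K). The mini-ISA, the parser, the template and the sample programs are all constructed here as assumptions for the demonstration; the real paper works on binaries with a decision procedure rather than this ad-hoc simplifier.

```python
"""Contrast a syntactic signature with a semantics-aware template match.
Constructed example: the mini-ISA, parser and template are assumptions
made for illustration, not the paper's detector."""
import re

# ---- syntactic detector: exact instruction-text signature -------------
# Assumed signature for the canonical decrypt step (constructed here).
SIGNATURE = ["mov eax,[ebx]", "xor eax,0x5a", "mov [ebx],eax"]

def normalize(line):
    """Lower-case and collapse whitespace so spacing differences are ignored."""
    return re.sub(r"\s+", " ", line.strip().lower()).replace(", ", ",")

def syntactic_match(program):
    """True iff SIGNATURE occurs as a contiguous run of instructions."""
    ins = [normalize(l) for l in program if l.strip()]
    n = len(SIGNATURE)
    return any(ins[i:i + n] == SIGNATURE for i in range(len(ins) - n + 1))

# ---- semantics-aware detector: symbolic evaluation + template ---------
def const(n):
    return ("const", n & 0xFFFFFFFF)

def simplify(op, a, b):
    """Build op(a, b) with constant folding and a few algebraic identities."""
    if a[0] == "const" and b[0] == "const":
        v = {"xor": a[1] ^ b[1], "add": a[1] + b[1], "sub": a[1] - b[1]}[op]
        return const(v)
    if op in ("xor", "sub") and a == b:      # x ^ x == 0, x - x == 0
        return const(0)
    if op in ("xor", "add") and a[0] == "const":   # canonical: constant second
        a, b = b, a
    if op in ("xor", "add") and b == const(0):     # x ^ 0 == x, x + 0 == x
        return a
    return (op, a, b)

class SymState:
    """Registers and memory hold expressions; unset locations are symbolic."""
    def __init__(self):
        self.regs = {}   # register name -> expression
        self.mem = {}    # address expression -> expression (written cells)
    def reg(self, r):
        return self.regs.get(r, ("reg0", r))          # initial register value
    def load(self, addr):
        return self.mem.get(addr, ("mem0", addr))     # initial memory content

def parse_operand(tok, st):
    tok = tok.strip()
    if tok.startswith("[") and tok.endswith("]"):
        return ("mem", st.reg(tok[1:-1]))             # address = current reg value
    if tok.startswith("0x") or tok.isdigit():
        return ("imm", const(int(tok, 0)))
    return ("reg", tok)

def read(opnd, st):
    kind, v = opnd
    if kind == "mem":
        return st.load(v)
    if kind == "imm":
        return v
    return st.reg(v)

def write(opnd, val, st):
    kind, v = opnd
    if kind == "mem":
        st.mem[v] = val
    elif kind == "reg":
        st.regs[v] = val
    else:
        raise ValueError("cannot write to an immediate")

def execute(program):
    """Symbolically execute straight-line code and return the final state."""
    st = SymState()
    for line in program:
        line = normalize(line)
        if not line or line == "nop":
            continue
        mnem, _, rest = line.partition(" ")
        dst, src = [parse_operand(t, st) for t in rest.split(",")]
        if mnem == "mov":
            write(dst, read(src, st), st)
        elif mnem in ("xor", "add", "sub"):
            write(dst, simplify(mnem, read(dst, st), read(src, st)), st)
        else:
            raise ValueError("unsupported instruction: " + line)
    return st

def decrypt_step_template(st):
    """Free variables P (pointer) and K (key): mem[P] := mem0[P] XOR K, K != 0."""
    for addr, val in st.mem.items():
        if (val[0] == "xor" and val[1] == ("mem0", addr)
                and val[2][0] == "const" and val[2][1] != 0):
            return True
    return False

def semantic_match(program):
    return decrypt_step_template(execute(program))

# ---- constructed sample programs (canonical form and obfuscated variants)
CANONICAL    = ["mov eax, [ebx]", "xor eax, 0x5a", "mov [ebx], eax"]
NOP_INSERTED = ["mov eax, [ebx]", "nop", "xor eax, 0x5a", "nop", "mov [ebx], eax"]
REG_RENAMED  = ["mov ecx, [edx]", "xor ecx, 0x5a", "mov [edx], ecx"]
SUBSTITUTED  = ["mov eax, [ebx]", "xor ecx, ecx", "add ecx, 0x5a",
                "xor eax, ecx", "mov [ebx], eax"]   # key built in a register
BENIGN       = ["mov eax, [ebx]", "add eax, 1", "mov [ebx], eax"]

if __name__ == "__main__":
    for name, prog in [("canonical", CANONICAL), ("nop-inserted", NOP_INSERTED),
                       ("reg-renamed", REG_RENAMED), ("substituted", SUBSTITUTED),
                       ("benign", BENIGN)]:
        print(f"{name:13s} syntactic={syntactic_match(prog)!s:5s} "
              f"semantic={semantic_match(prog)}")
```

The signature matches only the canonical variant: nop insertion breaks contiguity, register renaming and instruction substitution change the text. The template match is unaffected by all three because it compares the computed effect (a memory cell overwritten with itself XOR a constant), while the benign increment is correctly rejected. Only straight-line code is handled here; loops, which the real decrypt routines contain, need the fixed-point or decision-procedure machinery the toy omits.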