Detecting Self-Mutating Malware Using Control-Flow Graph Matching / D.M. Bruschi, L. Martignoni, M. Monga - In: Detection of intrusions and malware & vulnerability assessment : third international conference, DIMVA 2006, Berlin, Germany, July 13 - 14, 2006 ; proceedings / Roland Büschkes ... (eds.). - [s.l] : Springer-Verlag, Berlin Heidelberg, 2006 Jul. - ISBN 3-540-36014-X. - pp. 129-143 (DIMVA conference, GI SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment; 3rd, held in Berlin in 2006).

Detecting Self-Mutating Malware Using Control-Flow Graph Matching

D.M. Bruschi (first author); L. Martignoni (second author); M. Monga (last author)
2006

Abstract

Next generation malware will be characterized by the intense use of polymorphic and metamorphic techniques aimed at circumventing current malware detectors, which are based on pattern matching. To deal with this new kind of threat, novel techniques have to be devised for building malware detectors. Recent papers have started to address this issue, and this paper is a further contribution to the field. More precisely, we propose a strategy for detecting metamorphic malicious code inside a program P, based on comparing the control flow graphs of P against the set of control flow graphs of known malware. We also provide experimental data supporting the validity of our strategy.
Sector INF/01 - Computer Science
Jul-2006
IEEE
Book Part (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/20142
Citations
  • PMC ND
  • Scopus 154
  • ISI 110