2014
DOI: 10.1093/comjnl/bxu148

Annotated Control Flow Graph for Metamorphic Malware Detection

Abstract: Metamorphism is a technique that mutates binary code using different obfuscations and never keeps the same sequence of opcodes in memory. This stealth technique gives malware the capability to evade detection by simple signature-based anti-malware programs (those matching instruction sequences, byte sequences and string signatures). In this paper, we present a new scheme named Annotated Control Flow Graph (ACFG) to efficiently detect such kinds of malware. ACFG is built by annotating CFG of a binar…

Cited by 37 publications (17 citation statements)
References 34 publications
“…In this approach, the code is put under observation and approximate runtime behavior/pattern is predicted to detect the malware. In the static approach, many detection mechanisms are proposed such as annotated context-free graph [125], disassembled code [126], portable executable binary code [127] and honeypots [128]. Using this technique dynamic analysis of the malware is difficult to conceal.…”
Section: Malware Detection
Citation type: mentioning
Confidence: 99%
“…Alam et al. [21] present a structure called the Annotated Control Flow Graph (GCFA), built from the functions of the binary code of malware instances. Operations commonly used in assembly code are mapped to classes that are used to annotate the GCFAs.…”
Section: B Comparison of Semantic Structures in Graph Form
Citation type: unclassified
“…There are also two special blocks, the entry block and the exit block, where the flow begins and ends, respectively. Formally, a control flow graph can be defined as [21]:…”
Section: Metamorphic Malware Detection Using GDD
Citation type: unclassified
“…AESA helps to determine the nearest neighbour of the signature tree. Another proposal by Alam et al. (2014c) focused on real-time detection that is also platform independent. This was achieved by disassembling and translating the binary program into an intermediate language called Malware Analysis Intermediate Language (MAIL).…”
Section: B Control Flow Graph (CFG)
Citation type: mentioning
Confidence: 99%
“…History of malware evolution shows that much malicious software was written for fun or for testing software behaviour. However, state-of-the-art malware is also developed for financial gain (Alam et al., 2014c), political influence, enabling anti-social behaviour such as cyberstalking (al-Khateeb et al., 2016), or to sabotage the defence systems of a country. Consequently, malware coding became extremely sophisticated.…”
Section: Introduction
Citation type: mentioning
Confidence: 99%