2021
DOI: 10.1007/s11416-021-00377-z

Learning metamorphic malware signatures from samples

Abstract: Metamorphic malware are self-modifying programs which apply semantic preserving transformations to their own code in order to foil detection systems based on signature matching. Metamorphism impacts both software security and code protection technologies: it is used by malware writers to evade detection systems based on pattern matching and by software developers for preventing malicious host attacks through software diversification. In this paper, we consider the problem of automatically extracting metamorphi…

Cited by 10 publications
(5 citation statements)
References 26 publications
“…Understanding the propagation of incompleteness through pre-metrics is closely linked to code obfuscation [16], which finds application in software protection [28,30,31] and malware analysis [40,44,26,12]. Being able to quantify the amount of incompleteness induced in the abstract interpretation by a code-obfuscating program transformation could enable us to measure the potency of these transformations.…”
Section: Discussion
Citation type: mentioning
confidence: 99%
“…Several previous works have proposed various ways of generating general rules that, from a small set of samples, represent all of their metamorphic or polymorphic variations, that is, those that modify themselves, whether based on cryptography or not, at each replication, in an attempt to hinder identification by security solutions. [Campion et al 2021, Razeghi Borojerdi and Abadi 2013, Tang et al 2009]. Unlike the goal of SAUCY SPICE, the rules created by such works are limited to generalizing polymorphic or metamorphic variations.…”
Section: Related Work
Citation type: unclassified
“…In response to these challenges, malware detection needs to evolve toward creating small rules that represent as many malware samples as possible and toward having a mechanism for automatic signature generation [Aslan and Samet 2020]. In this regard, previous works succeeded in creating mechanisms for the automatic generation of rules for polymorphic/metamorphic malware [Campion et al 2021, Razeghi Borojerdi and Abadi 2013, Tang et al 2009]. Other works also succeeded in creating mechanisms for the automatic creation of signatures in specific scenarios.…”
Section: Introduction
Citation type: unclassified
“…Formal Grammar Mutation was used for the first time for the formalization of code morphing techniques in [17] and [18]. Recent studies show the use of Formal Grammar to understand the metamorphic malware signature from different code variants [19], [20].…”
Section: Background Study and Related Work
Citation type: mentioning
confidence: 99%