Software Transformations to Improve Malware Detection
by Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, Helmut Veith
Abstract:
Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In order to evade detection, malware writers use various obfuscation techniques to transform their malware. There is strong evidence that commercial malware detectors are susceptible to these evasion tactics. In this paper, we describe the design and implementation of a malware transformer that reverses the obfuscations performed by a malware writer. Our experimental evaluation demonstrates that this malware transformer can drastically improve the detection rates of commercial malware detectors.
Reference:
Software Transformations to Improve Malware Detection. Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, Helmut Veith. Journal in Computer Virology, volume 3, number 4, pages 253-265, November 2007.
Bibtex Entry:
@article{ChristodorescuKinderJhaKatzenbeisserVeith-jicv07,
  author = {Mihai Christodorescu and Johannes Kinder and Somesh Jha and Stefan
  Katzenbeisser and Helmut Veith},
  title = {Software Transformations to Improve Malware Detection},
  number = {4},
  month = {November},
  year = {2007},
  journal = {Journal in Computer Virology},
  pages = {253--265},
  volume = {3},
  abstract = {Malware is code designed for a malicious purpose, such as obtaining
  root privilege on a host. A malware detector identifies malware and thus
  prevents it from adversely affecting a host. In order to evade detection,
  malware writers use various obfuscation techniques to transform their
  malware. There is strong evidence that commercial malware detectors are
  susceptible to these evasion tactics. In this paper, we describe the design
  and implementation of a malware transformer that reverses the obfuscations
  performed by a malware writer. Our experimental evaluation demonstrates that
  this malware transformer can drastically improve the detection rates of
  commercial malware detectors.}
}