Malware Normalization (bibtex)
by Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, Helmut Veith
Abstract:
Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In order to evade detection by malware detectors, malware writers use various obfuscation techniques to transform their malware. There is strong evidence that commercial malware detectors are susceptible to these evasion tactics. In this paper, we describe the design and implementation of a malware normalizer that undoes the obfuscations performed by a malware writer. Our experimental evaluation demonstrates that a malware normalizer can drastically improve detection rates of commercial malware detectors. Moreover, a malware normalizer can also ease the task of forensic analysis of malware.
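The abstract describes the idea at a high level: a detector that matches a fixed signature is defeated by obfuscation, and a normalizer that undoes the obfuscation restores the match. The following Python is an added illustration of that idea, not the report's own normalizer or code (the report's system operates on real executables and handles much more than this). The two obfuscations undone here, semantic-NOP insertion and jump-based block reordering, the pseudo-assembly syntax, the sample instruction sequence and the signature are all constructed for this example.

```python
"""Toy malware normalizer (added example, not the report's implementation).

Undoes two assumed obfuscations, semantic-NOP insertion and jump-based code
reordering, so that a naive contiguous-signature detector matches again.
The instruction syntax, sample code and signature are constructed."""
import re

# Constructed sample standing in for a malware body (pseudo x86 mnemonics).
ORIGINAL = [
    "push ebp", "mov ebp, esp",
    "xor eax, eax", "push eax",
    "mov ebx, 0x1", "int 0x80",
    "pop ebp", "ret",
]
# Constructed detector signature: must appear as one contiguous run.
SIGNATURE = ["xor eax, eax", "push eax", "mov ebx, 0x1", "int 0x80"]


def detect(code, sig=SIGNATURE):
    """Naive detector: exact contiguous match of the signature."""
    n = len(sig)
    return any(code[i:i + n] == sig for i in range(len(code) - n + 1))


# --- assumed obfuscations -----------------------------------------------
JUNK = [["nop"], ["mov eax, eax"], ["push ebx", "pop ebx"], ["add esp, 0"]]


def insert_semantic_nops(code, every=2):
    """Insert a no-effect instruction group after every `every` lines."""
    out, k = [], 0
    for i, ins in enumerate(code, 1):
        out.append(ins)
        if i % every == 0:
            out.extend(JUNK[k % len(JUNK)])
            k += 1
    return out


def reorder_blocks(code, block_size, order):
    """Split into blocks, emit them in `order` (a permutation of block
    indices) and chain them back together with labels and `jmp`s."""
    blocks = [code[i:i + block_size] for i in range(0, len(code), block_size)]
    assert sorted(order) == list(range(len(blocks)))
    out = ["jmp B0"]                      # entry always starts at block 0
    for b in order:
        out.append(f"B{b}:")
        out.extend(blocks[b])
        if b + 1 < len(blocks):
            out.append(f"jmp B{b + 1}")   # fall-through becomes a jump
    return out


def obfuscate(code, order):
    return insert_semantic_nops(reorder_blocks(code, 2, order))


# --- normalizer ---------------------------------------------------------
NOP_RULES = [re.compile(p) for p in (
    r"^nop$",
    r"^(mov|xchg) (\w+), \2$",        # mov r, r / xchg r, r
    r"^(add|sub|or) \w+, 0$",         # add/sub/or r, 0
)]
PUSH, POP = re.compile(r"^push (\w+)$"), re.compile(r"^pop (\w+)$")


def strip_semantic_nops(code):
    """Drop single-instruction NOPs and adjacent `push r; pop r` pairs."""
    out = []
    for ins in code:
        if any(r.match(ins) for r in NOP_RULES):
            continue
        m = POP.match(ins)
        if m and out:
            p = PUSH.match(out[-1])
            if p and p.group(1) == m.group(1):
                out.pop()                 # push r ; pop r cancels out
                continue
        out.append(ins)
    return out


def linearize(code):
    """Follow unconditional jumps from the entry to recover straight-line
    order, dropping the labels and jumps the reordering added. A jump to a
    label already visited is treated as genuine control flow and kept."""
    labels = {ins[:-1]: i for i, ins in enumerate(code) if ins.endswith(":")}
    out, seen, pc = [], set(), 0
    while pc < len(code):
        ins = code[pc]
        if ins.endswith(":"):
            if ins[:-1] in seen:
                break                     # re-entered code already emitted
            seen.add(ins[:-1])
        elif ins.startswith("jmp "):
            target = ins[4:]
            if target in labels and target not in seen:
                pc = labels[target]       # splice the target block in here
                continue
            out.append(ins)               # back-edge or unknown target: keep
            break
        else:
            out.append(ins)
        pc += 1
    return out


def normalize(code):
    return strip_semantic_nops(linearize(code))


if __name__ == "__main__":
    obf = obfuscate(ORIGINAL, [2, 0, 3, 1])
    print("original detected:  ", detect(ORIGINAL))
    print("obfuscated detected:", detect(obf))
    print("normalized detected:", detect(normalize(obf)))
```

Running the module shows the detector matching the original, missing the obfuscated copy, and matching again once the copy is normalized; `normalize` in fact returns the original sequence exactly, which is the property that also makes the normalized form easier to read during forensic analysis. The NOP rules are deliberately conservative: `xor eax, eax` is not matched because it changes state, and the real difficulty of normalization lies in deciding semantic equivalence for instructions that are not so obviously inert.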
Reference:
Malware Normalization. Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, Helmut Veith. November 2005, Technical report 1539, University of Wisconsin, Madison.
Bibtex Entry:
@techreport{ChristodorescuKinderJhaKatzenbeisserVeith-malnorm2005,
  author = {Mihai Christodorescu and Johannes Kinder and Somesh Jha and Stefan
  Katzenbeisser and Helmut Veith},
  title = {Malware Normalization},
  number = {1539},
  month = {November},
  year = {2005},
  address = {Wisconsin, USA},
  institution = {University of Wisconsin, Madison},
  abstract = {Malware is code designed for a malicious purpose, such as obtaining
  root privilege on a host. A malware detector identifies malware and thus
  prevents it from adversely affecting a host. In order to evade detection by
  malware detectors, malware writers use various obfuscation techniques to
  transform their malware. There is strong evidence that commercial malware
  detectors are susceptible to these evasion tactics. In this paper, we
  describe the design and implementation of a malware normalizer that undoes
  the obfuscations performed by a malware writer. Our experimental evaluation
  demonstrates that a malware normalizer can drastically improve detection
  rates of commercial malware detectors. Moreover, a malware normalizer can
  also ease the task of forensic analysis of malware.}
}