Using Verification Technology to Specify and Detect Malware
by Andreas Holzer, Johannes Kinder, Helmut Veith
Abstract:
Computer viruses and worms are major threats for our computer infrastructure, and thus, for economy and society at large. Recent work has demonstrated that a model checking based approach to malware detection can capture the semantics of security exploits more accurately than traditional approaches, and consequently achieve higher detection rates. In this approach, malicious behavior is formalized using the expressive specification language CTPL based on classic CTL. This paper gives an overview of our toolchain for malware detection and presents our new system for computer assisted generation of malicious code specifications.
Reference:
Using Verification Technology to Specify and Detect Malware. Andreas Holzer, Johannes Kinder, Helmut Veith. 11th International Conference on Computer Aided Systems Theory (EUROCAST 2007), volume 4739 of Lecture Notes in Computer Science, pages 497-504, 2007, Springer.
Bibtex Entry:
@inproceedings{HolzerKinderVeith-eurocast07,
  author = {Andreas Holzer and Johannes Kinder and Helmut Veith},
  title = {Using Verification Technology to Specify and Detect Malware},
  year = {2007},
  booktitle = {11th International Conference on Computer Aided Systems Theory
  (EUROCAST 2007)},
  pages = {497--504},
  publisher = {Springer},
  series = {Lecture Notes in Computer Science},
  volume = {4739},
  abstract = {Computer viruses and worms are major threats for our computer
  infrastructure, and thus, for economy and society at large. Recent work has
  demonstrated that a model checking based approach to malware detection can
  capture the semantics of security exploits more accurately than traditional
  approaches, and consequently achieve higher detection rates. In this
  approach, malicious behavior is formalized using the expressive specification
  language CTPL based on classic CTL. This paper gives an overview of our
  toolchain for malware detection and presents our new system for computer
  assisted generation of malicious code specifications.}
}