by Andreas Holzer, Johannes Kinder, Helmut Veith
Abstract:
Computer viruses and worms are major threats for our computer infrastructure, and thus, for economy and society at large. Recent work has demonstrated that a model checking based approach to malware detection can capture the semantics of security exploits more accurately than traditional approaches, and consequently achieve higher detection rates. In this approach, malicious behavior is formalized using the expressive specification language CTPL based on classic CTL. This paper gives an overview of our toolchain for malware detection and presents our new system for computer assisted generation of malicious code specifications.
Reference:
Using Verification Technology to Specify and Detect MalwareAndreas Holzer, Johannes Kinder, Helmut Veith11th International Conference on Computer Aided Systems Theory (EUROCAST 2007), volume 4739 of Lecture Notes in Computer Science, pages 497-504, 2007, Springer.
Bibtex Entry:
@inproceedings{HolzerKinderVeith-eurocast07,
author = {Andreas Holzer and Johannes Kinder and Helmut Veith},
title = {Using Verification Technology to Specify and Detect Malware},
year = {2007},
booktitle = {11th International Conference on Computer Aided Systems Theory
(EUROCAST 2007)},
pages = {497--504},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
volume = {4739},
abstract = {Computer viruses and worms are major threats for our computer
infrastructure, and thus, for economy and society at large. Recent work has
demonstrated that a model checking based approach to malware detection can
capture the semantics of security exploits more accurately than traditional
approaches, and consequently achieve higher detection rates. In this
approach, malicious behavior is formalized using the expressive specification
language CTPL based on classic CTL. This paper gives an overview of our
toolchain for malware detection and presents our new system for computer
assisted generation of malicious code specifications.}
}