Sciweavers

TDSC
2010

Proactive Detection of Computer Worms Using Model Checking

13 years 6 months ago
Proactive Detection of Computer Worms Using Model Checking
Although recent estimates are speaking of 200,000 different viruses, worms, and Trojan horses, the majority of them are variants of previously existing malware. As these variants mostly differ in their binary representation rather than their functionality, they can be recognized by analyzing the program behavior, even though they are not covered by the signature databases of current antivirus tools. Proactive malware detectors mitigate this risk by detection procedures which use a single signature to detect whole classes of functionally related malware without signature updates. It is evident that the quality of proactive detection procedures depends on their ability to analyze the semantics of the binary. In this paper, we propose the use of model checking--a well established software verification technique--for proactive malware detection. We describe a tool which extracts an annotated control flow graph from the binary and automatically verifies it against a formal malware specifica...
Johannes Kinder, Stefan Katzenbeisser, Christian S
Added 21 May 2011
Updated 21 May 2011
Type Journal
Year 2010
Where TDSC
Authors Johannes Kinder, Stefan Katzenbeisser, Christian Schallhart, Helmut Veith
Comments (0)