Sciweavers

TACAS
2012
Springer

Pushdown Model Checking for Malware Detection

12 years 8 months ago
Pushdown Model Checking for Malware Detection
The number of malware is growing extraordinarily fast. Therefore, it is important to have efficient malware detectors. Malware writers try to obfuscate their code by different techniques. Many of these well-known obfuscation techniques rely on operations on the stack such as inserting dead code by adding useless push and pop instructions, or hiding calls to the operating system, etc. Thus, it is important for malware detectors to be able to deal with the program’s stack. In this paper we propose a new model-checking approach for malware detection that takes into account the behavior of the stack. Our approach consists in : (1) Modeling the program using a Pushdown System (PDS). (2) Introducing a new logic, called SCTPL, to represent the malicious behavior. SCTPL can be seen as an extension of the branching-time temporal logic CTL with variables, quantifiers, and predicates over the stack. (3) Reducing the malware detection problem to the model-checking problem of PDSs against SCTPL...
Fu Song, Tayssir Touili
Added 25 Apr 2012
Updated 25 Apr 2012
Type Journal
Year 2012
Where TACAS
Authors Fu Song, Tayssir Touili
Comments (0)