
Semantics aware malware detection ppt


  1. Semantics-Aware Malware Detection. Presented by Manish Kumar Yadav.
  2. Contents
     • Introduction
     • Goals
     • Technique
     • Semantics of malware
     • Malicious code detector
     • Strengths and limitations
     • Related work
     • Conclusion
  3. Introduction
     • A malware detector is a system that attempts to determine whether a program has malicious intent.
     • A malware instance is a program that has malicious intent.
     • Examples of malware instances are viruses, trojans, and worms.
  4. Goals
     • The goal of a malware writer (hacker) is to modify their malware to avoid detection by a malware detector.
     • The goal of this paper is to design a malware detection algorithm that uses the semantics of instructions.
  5. Technique
     • A common technique used by malware writers to evade detection is program obfuscation.
     • Polymorphism and metamorphism.
     • A polymorphic virus obfuscates its decryption loop using several transformations.
     • Metamorphic viruses attempt to evade detection by obfuscating the entire virus.
  6. Translation-validation techniques
     • Translation-validation techniques determine whether two programs are semantically equivalent.
     • We use the observation that certain malicious behaviors appear in all variants of a certain malware.
     • We use a semantics-based algorithm to discover malicious programs.
  7. Semantics of malware detection
     • Specifying the malicious behavior.
     • Templates
     • Variables
     • Symbolic constants
  8. Formal semantics
     • A template T = (IT, VT, CT) is a 3-tuple, where IT is a sequence of instructions and VT and CT are the sets of variables and symbolic constants.
     • Two types of symbolic constants: n-ary functions F(n) and n-ary predicates P(n).
  9. The Malicious Code Detector
  10. Strengths and limitations
     • Code reordering
     • Register renaming
     • Garbage insertion
     • Equivalent instruction replacement
     • Same form needed
     • The use of def-use chains for value-preservation checking
  11. Related work
     • Malware detection
     • Translation validation
     • Software verification
  12. Conclusion
     • We observe that certain malicious behaviors appear in all variants of a certain malware.
     • We also presented a malware-detection algorithm that is sound with respect to our semantics.
  13. Thanks for your attention
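Slides 8 and 10 describe a template T = (IT, VT, CT) whose variables bind to registers and whose symbolic constants bind to immediates, with def-use checks to tolerate garbage insertion. The following is an added illustration of that idea, not the paper's or the presenter's code: a toy matcher over a constructed five-instruction "decrypt and advance" template, a made-up register/immediate instruction set, and a simplified value-preservation check.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Insn:
    op: str
    dst: Optional[str]     # operand written by the instruction, None if it writes nothing
    srcs: tuple            # operands read by the instruction

def unify(tok, actual, env):
    """Bind template token tok to operand actual; V* stand for registers, C* for immediates."""
    if tok[0] in "VC":
        if tok in env:
            return env[tok] == actual          # a bound name must be used consistently
        wants_reg = tok[0] == "V"              # constructed convention: registers are r*
        if wants_reg != actual.startswith("r"):
            return False
        env[tok] = actual
        return True
    return tok == actual                       # a literal operand must match exactly

def match_insn(t, p, env):
    """Match one template instruction t against program instruction p, extending env."""
    if t.op != p.op or len(t.srcs) != len(p.srcs) or (t.dst is None) != (p.dst is None):
        return False
    trial = dict(env)
    pairs = list(zip(t.srcs, p.srcs)) + ([(t.dst, p.dst)] if t.dst else [])
    if all(unify(tt, pp, trial) for tt, pp in pairs):
        env.update(trial)
        return True
    return False

def match_template(template, program):
    """Return the variable/constant binding if the template occurs in program, else None.
    Non-template instructions count as inserted garbage and are tolerated only if they do
    not redefine a register bound to a variable (simplified def-use value-preservation)."""
    env, ti = {}, 0
    for p in program:
        if ti == len(template):
            break
        if match_insn(template[ti], p, env):
            ti += 1
        elif p.dst in {v for k, v in env.items() if k[0] == "V"}:
            return None
    return env if ti == len(template) else None

# Constructed "decrypt one word and advance" template: V1 key, V2 data, V3 pointer.
DECRYPT_LOOP = (
    Insn("mov", "V1", ("C1",)), Insn("load", "V2", ("V3",)), Insn("xor", "V2", ("V1",)),
    Insn("store", None, ("V3", "V2")), Insn("add", "V3", ("C2",)),
)
```

Because register names are matched through variables, a renamed variant binds to the same template, while a garbage instruction that overwrites the bound key register causes the match to fail.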
