Software transformations to improve malware detection

by: Mihai Christodorescu, Somesh Jha, Johannes Kinder, Stefan Katzenbeisser, Helmut Veith

Journal in Computer Virology, Vol. 3, No. 4. (17 November 2007), pp. 253-265.

View FullText article

Springer (DOI), http://dx.doi.org.arugula.cc.columbia.edu…

Reviews [Write a review of this article]

There are no reviews of this article

Find related articles from these CiteULike users

voiklis

Find related articles with these CiteULike tags

compression-distance, _d_methodological, intention-reading, methodology

Abstract

Abstract Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In order to evade detection, malware writers use various obfuscation techniques to transform their malware. There is strong evidence that commercial malware detectors are susceptible to these evasion tactics. In this paper, we describe the design and implementation of a malware transformer that reverses the obfuscations performed by a malware writer. Our experimental evaluation demonstrates that this malware transformer can drastically improve the detection rates of commercial malware detectors.

@article{citeulike:2017910, abstract = {Abstract\ \ Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In order to evade detection, malware writers use various obfuscation techniques to transform their malware. There is strong evidence that commercial malware detectors are susceptible to these evasion tactics. In this paper, we describe the design and implementation of a malware transformer that reverses the obfuscations performed by a malware writer. Our experimental evaluation demonstrates that this malware transformer can drastically improve the detection rates of commercial malware detectors.}, author = {Christodorescu, Mihai and Jha, Somesh and Kinder, Johannes and Katzenbeisser, Stefan and Veith, Helmut }, citeulike-article-id = {2017910}, journal = {Journal in Computer Virology}, keywords = {\_d\_methodological, compression-distance, intention-reading, methodology}, month = {November}, number = {4}, pages = {253--265}, posted-at = {2007-11-29 18:14:44}, priority = {3}, title = {Software transformations to improve malware detection}, url = {http://dx.doi.org/10.1007/s11416-007-0059-8}, volume = {3}, year = {2007} }

RIS record

TY - JOUR ID - citeulike:2017910 L3 - citeulike-article-id:2017910 TI - Software transformations to improve malware detection JF - Journal in Computer Virology VL - 3 IS - 4 SP - 253 EP - 265 N2 - Abstract  Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In order to evade detection, malware writers use various obfuscation techniques to transform their malware. There is strong evidence that commercial malware detectors are susceptible to these evasion tactics. In this paper, we describe the design and implementation of a malware transformer that reverses the obfuscations performed by a malware writer. Our experimental evaluation demonstrates that this malware transformer can drastically improve the detection rates of commercial malware detectors. KW - _d_methodological KW - compression-distance KW - intention-reading KW - methodology AU - Christodorescu, Mihai AU - Jha, Somesh AU - Kinder, Johannes AU - Katzenbeisser, Stefan AU - Veith, Helmut PY - 2007/11/17/ UR - http://dx.doi.org/10.1007/s11416-007-0059-8 ER -

RIS BibTeX