Extracting the Semantic Signature of Malware, Metamorphic Viruses and Worms
If you have a question about this talk, please contact Alan Mycroft.

[Shyam is visiting the CL until 14 October 2010.]

Malware is increasingly becoming a serious threat and a nuisance in the information and network age. Human experts extract a signature of the malware (usually a text pattern), which involves complex analysis of encrypted and/or packed binaries, and deploy it to protect against that malware. However, this approach does not work for polymorphic and metamorphic malware, which have the ability to change shape from attack to attack; also, metamorphic virus detection (even assuming fixed length) is NP-complete. To counter these advanced forms of malware we need semantic signatures which capture the essential behaviour of the malware (which remains unchanged across variants).

In this talk, we present an algorithmic approach for extracting the semantic signature of a malware, as a regular expression over API calls, and demonstrate via experiments its efficacy in detecting and predicting malware variants. Our approach involves two steps. In the first step, we collect and abstract the behaviour of the malware in different runs (as a sequence of security-relevant API/system calls). In the second step, we inductively learn (under the supervision of a human expert) a regular expression that tightly fits these behaviours (generalizing where necessary). This regular expression then acts as the semantic signature of the malware.

We performed experiments with the metamorphic virus Etap/Simile, and the email worms Beagle, Netsky and MyDoom. Experimental results give us good confidence that our approach can be effectively used for malware detection.

This talk is part of the Computer Laboratory Programming Research Group Seminar series.
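The two steps described in the abstract can be illustrated with a small added example; it is not the speaker's algorithm or code. It assumes constructed API-call traces and uses a simple stand-in for the learning step: the calls common to all runs form a skeleton, and each gap admits only the extra calls observed at that position.

```python
import re
from difflib import SequenceMatcher
from functools import reduce

# Constructed traces: abstracted API calls from three runs of one hypothetical sample.
TRACES = [
    ["RegOpenKey", "CreateFile", "WriteFile", "CloseHandle", "connect", "send"],
    ["RegOpenKey", "GetTickCount", "CreateFile", "WriteFile", "WriteFile",
     "CloseHandle", "connect", "send"],
    ["RegOpenKey", "CreateFile", "WriteFile", "CloseHandle", "Sleep",
     "connect", "send", "send"],
]

def common_subsequence(a, b):
    """Calls that appear in the same order in both traces."""
    blocks = SequenceMatcher(None, a, b, autojunk=False).get_matching_blocks()
    return [call for i, _, n in blocks for call in a[i:i + n]]

def build_signature(traces):
    """Skeleton of shared calls; each gap admits only the extras observed there."""
    skeleton = reduce(common_subsequence, traces)
    gaps = [set() for _ in range(len(skeleton) + 1)]
    for trace in traces:
        k = 0
        for call in trace:
            if k < len(skeleton) and call == skeleton[k]:
                k += 1              # next skeleton call reached
            else:
                gaps[k].add(call)   # extra call seen before skeleton[k]
    parts = []
    for k, gap in enumerate(gaps):
        if gap:
            parts.append("(?:(?:%s) )*" % "|".join(map(re.escape, sorted(gap))))
        if k < len(skeleton):
            parts.append(re.escape(skeleton[k]) + " ")
    return re.compile("".join(parts))

def matches(signature, trace):
    """True if the whole trace is in the language of the signature."""
    return signature.fullmatch("".join(call + " " for call in trace)) is not None

SIGNATURE = build_signature(TRACES)
VARIANT = ["RegOpenKey", "GetTickCount", "GetTickCount", "CreateFile", "WriteFile",
           "WriteFile", "WriteFile", "CloseHandle", "Sleep", "connect", "send"]
UNRELATED = ["CreateFile", "WriteFile", "CloseHandle"]

if __name__ == "__main__":
    print(SIGNATURE.pattern)
    print(matches(SIGNATURE, VARIANT), matches(SIGNATURE, UNRELATED))
```

The learned expression accepts the unseen variant, which only reorders and repeats filler calls already observed, and rejects a trace containing a call never seen in that position.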