Proceedings Article
PoMMaDe: pushdown model-checking for malware detection
Fu Song, Tayssir Touili
pp. 607-610
TL;DR: PoMMaDe was able to detect several malware samples that could not be detected by well-known anti-viruses such as Avira, Avast, Kaspersky, McAfee, AVG, BitDefender, Eset Nod32, F-Secure, Norton, Panda, Trend Micro and Qihoo 360.
Abstract: We present PoMMaDe, a Pushdown Model-checking based Malware Detector. In PoMMaDe, a binary program is modeled as a pushdown system (PDS), which makes it possible to track the program's stack, and malicious behaviors are specified in SCTPL or SLTPL, where SCTPL (resp. SLTPL) is an extension of CTL (resp. LTL) with variables, quantifiers, and predicates over the stack (needed for malware specification). The malware detection problem is reduced to SCTPL/SLTPL model-checking for PDSs. PoMMaDe allowed us to detect 600 real malware samples and 200 new malware samples generated by the two malware generators NGVCK and VCL32, and to prove that benign programs are benign. In particular, PoMMaDe was able to detect several malware samples that could not be detected by well-known anti-viruses such as Avira, Avast, Kaspersky, McAfee, AVG, BitDefender, Eset Nod32, F-Secure, Norton, Panda, Trend Micro and Qihoo 360.
Citations
Book Chapter
Ransomware Steals Your Phone. Formal Methods Rescue It
TL;DR: A methodology based on formal methods that is able to detect the ransomware and to identify in the malware's code the instructions that implement the characteristic instructions of the ransomware is proposed.
Journal Article
Talos: no more ransomware victims with formal methods
Aniello Cimitile, Francesco Mercaldo, Vittoria Nardone, Antonella Santone, Corrado Aaron Visaggio
TL;DR: A methodology based on formal methods for detecting ransomware malware on Android devices is discussed, and the obtained results show that Talos is very effective in recognizing ransomware even when it is obfuscated.
Proceedings Article
Ransomware Inside Out
TL;DR: This paper uses formal methods, in particular model checking, to automatically dissect ransomware samples, starting from manual inspection of a few samples and defining a set of rules in order to check whether the behaviours the authors find are representative of ransomware functionalities.
Journal Article
LEILA: Formal Tool for Identifying Mobile Malicious Behaviour
Gerardo Canfora, Fabio Martinelli, Francesco Mercaldo, Vittoria Nardone, Antonella Santone, Corrado Aaron Visaggio
TL;DR: The design and implementation of LEILA (formaL tool for idEntifying mobIle maLicious behAviour), a tool targeted at Android malware families detection, are presented and demonstrated that the tool is effective in detecting malicious behaviour and, especially, in localizing the payload within the code.
Proceedings Article
Identification of Android Malware Families with Model Checking
Pasquale Battista, Francesco Mercaldo, Vittoria Nardone, Antonella Santone, Corrado Aaron Visaggio
TL;DR: A model checking based approach in detecting Android malware families by means of analysing and verifying the Java Bytecode that is produced when the source code is compiled is presented.
References
Proceedings Article
The SLAM project: debugging system software via static analysis
Thomas Ball, Sriram K. Rajamani
TL;DR: This work has successfully applied the SLAM toolkit to Windows XP device drivers, to both validate behavior and find defects in their usage of kernel APIs.
Proceedings Article
Semantics-aware malware detection
TL;DR: Experimental evaluation demonstrates that the malware-detection algorithm can detect variants of malware with a relatively low run-time overhead and the semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.
Report
Static analysis of executables to detect malicious patterns
Mihai Christodorescu, Somesh Jha
TL;DR: An architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations is presented, and experimental results demonstrate the efficacy of the prototype tool, SAFE (a static analyzer for executables).
Journal Article
The software model checker Blast: Applications to software engineering
TL;DR: This paper gives an introduction to Blast and demonstrates, through two case studies, how it can be applied to program verification and test-case generation.
Proceedings Article
Dynamic spyware analysis
TL;DR: A novel dynamic analysis approach that precisely tracks the flow of sensitive information as it is processed by the web browser and any loaded browser helper objects and can identify unknown components as spyware and provide comprehensive reports on their behavior.