Malware Analysis with Tree Automata Inference
Bibtex:
@article{babic11malicious,
author = {Domagoj Babi\'c and Daniel Reynaud and Dawn Song},
title = {{Recognizing Malicious Software Behaviors with Tree Automata Inference}},
journal = {Formal Methods in System Design},
volume = {41},
number = {1},
publisher = {Springer},
pages = {107--128},
year = {2012},
}
Abstract:
We explore how formal methods and tools of the verification trade could
be used for malware detection and analysis. In particular, we propose a
new approach to learning and generalizing from observed malware
behaviors based on tree automata inference. Our approach infers
k-testable tree automata from system call dataflow dependency graphs. We
show how inferred automata can be used for malware recognition and
classification.