TY - JOUR
T1 - Software transformations to improve malware detection
AU - Christodorescu, Mihai
AU - Jha, Somesh
AU - Kinder, Johannes
AU - Katzenbeisser, Stefan
AU - Veith, Helmut
PY - 2007
Y1 - 2007
N2 - Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In order to evade detection, malware writers use various obfuscation techniques to transform their malware. There is strong evidence that commercial malware detectors are susceptible to these evasion tactics. In this paper, we describe the design and implementation of a malware transformer that reverses the obfuscations performed by a malware writer. Our experimental evaluation demonstrates that this malware transformer can drastically improve the detection rates of commercial malware detectors.
AB - Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In order to evade detection, malware writers use various obfuscation techniques to transform their malware. There is strong evidence that commercial malware detectors are susceptible to these evasion tactics. In this paper, we describe the design and implementation of a malware transformer that reverses the obfuscations performed by a malware writer. Our experimental evaluation demonstrates that this malware transformer can drastically improve the detection rates of commercial malware detectors.
U2 - 10.1007/s11416-007-0059-8
DO - 10.1007/s11416-007-0059-8
M3 - Article
SN - 1772-9904
VL - 3
SP - 253
EP - 265
JO - Journal in Computer Virology
JF - Journal in Computer Virology
IS - 4
ER -