|
JAIST Repository >
School of Information Science >
JAIST Research Reports >
Research Report - School of Information Science : ISSN 0918-7553 >
IS-RR-2014 >
Please use this identifier to cite or link to this item:
https://hdl.handle.net/10119/12136
|
| Title: | Pushdown Model Generation of Malware |
| Authors: | Nguyen, Minh Hai
Ogawa, Mizuhito
Quan, Thanh Tho |
| Keywords: | concolic testing
pushdown system
malware detection
binary code analysis
self-modifying code |
| Issue Date: | 2014-06-24 |
| Publisher: | 北陸先端科学技術大学院大学情報科学研究科 |
| Magazine name: | Research report (School of Information Science, Japan Advanced Institute of Science and Technology) |
| Volume: | IS-RR-2014-003 |
| Start page: | 1 |
| End page: | 18 |
| Abstract: | Model checking software consists of two steps: model generation and model checking. A model is often generated statically by abstraction, and sometimes refined iteratively. However, model generation is not easy for malware, since malware is often distributed without source codes, but as binary executables. Worse, sophisticated malware tries to obfuscate its behavior, like self-modification, which dynamically modifies itself and destination of indirect jumps. This paper proposes a pushdown model generation of x86 binaries in an on-the-fly manner with concolic testing to decide the precise destinations of indirect jumps. A tool BE-PUM (Binary Emulation for Pushdown Model generation) is built on JakStab, and currently it covers 52 popular x86 instructions. Experiments are performed on 1700 malwares taken from malware database. Compared to JakStab and IDA Pro, two state-of-the-art tools in this field, BE-PUM shows better tracing ability, which sometimes shows significant differences. |
| URI: | https://hdl.handle.net/10119/12136 |
| Material Type: | publisher |
| Appears in Collections: | IS-RR-2014
|
Files in This Item:
| File |
Description |
Size | Format |
|---|
| IS-RR-2014-003.pdf | | 545Kb | Adobe PDF | View/Open |
|
All items in DSpace are protected by copyright, with all rights reserved.
|
