Proceedings of 2009 International Symposium on Computer Science and Computational Technology (ISCSCT 2009)

Huangshan, China, December 26-28, 2009

Editors: Fei Yu, Guangxue Yue, Jian Shu, Yun Liu

AP Catalog Number: AP-PROC-CS-09CN005

ISBN: 978-952-5726-07-7 (Print), 978-952-5726-08-4 (CD-ROM)

Page(s): 139-142

Formal Description and Analysis of Malware Detection Algorithm AMCM

Ying Zeng, Fenlin Liu, Xiangyang Luo, and Chunfang Yang

Code obfuscation can alter the syntactic properties of malware byte sequences without significantly affecting their execution behaviors, so it can easily foil signature-based detection. In this paper, the ability of the semantics-based malware detection algorithm AMCM, proposed by Gao et al., to handle obfuscation transformations is discussed from a semantic point of view using abstract interpretation theory. First, a formal description of the algorithm AMCM is proposed. Then an equivalent trace-based detector is developed. Finally, the oracle soundness and oracle completeness of the trace-based detector are shown for a restricted class of obfuscation transformations, namely those which preserve the variation relation.

Index Terms

malware detection, code obfuscation, trace semantics, abstract interpretation

