Exploration server for computer science research in Lorraine

Warning: this site is under development.
Warning: this site is generated automatically from raw corpora.
The information has therefore not been validated.

Architecture of a morphological malware detector : EICAR 2008

Internal identifier: 000244 (PascalFrancis/Corpus); previous: 000243; next: 000245

Authors: Guillaume Bonfante; Matthieu Kaczmarek; Jean-Yves Marion

Source: Journal in computer virology (J. comput. virol.), ISSN 1772-9890, 2009, Vol. 5, No. 3, pp. 263-270, 20 references.

RBID : Pascal:10-0051671

French descriptors: Sécurité informatique; Analyse syntaxique; Attaque informatique; Analyse sémantique; Automate arbre; Rétroingénierie; Abstraction; Réécriture; Transformation graphe

English descriptors: Computer security; Syntactic analysis; Computer attack; Semantic analysis; Tree automaton; Reverse engineering; Abstraction; Rewriting; Graph transformation

Abstract

Most malware detectors are based on syntactic signatures that identify known malicious programs. Up to now this architecture has been sufficiently efficient to overcome most malware attacks. Nevertheless, the complexity of malicious code still increases. As a result, the time required to reverse engineer malicious programs and to forge new signatures is increasingly longer. This study proposes an efficient construction of a morphological malware detector, that is, a detector which associates syntactic and semantic analysis. It aims at facilitating the task of malware analysts by providing some abstraction on the signature representation, which is based on control flow graphs. We build an efficient signature matching engine over tree automata techniques. Moreover, we describe a generic graph rewriting engine in order to deal with classic mutation techniques. Finally, we provide a preliminary evaluation of the detection strategy by carrying out experiments on a malware collection.
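
The abstract names the three parts of a morphological detector (control-flow-graph signatures, a rewriting engine that normalises mutations, a tree-automaton matcher) without showing how they fit together. The following Python is an added illustration written for this page; it is not the authors' implementation and does not reproduce the paper's actual rules or automaton. The toy instruction set, the five abstract node types (inst, jmp, jcc, call, ret, plus a junk marker), the three rewriting rules, the "decrypt-loop" signature and the three sample programs are all constructed assumptions. The tree automaton is stood in for by a direct comparison of depth-bounded tree unfoldings, which is the structure such an automaton would read.

```python
"""Toy morphological detector: CFG-shaped signatures plus graph rewriting.
Added illustration, not the authors' code; instruction set, node types,
rules, signature and samples are all assumptions mirroring the abstract."""
from collections import OrderedDict

# Abstract node types: opcodes are forgotten, only the control-flow role stays.
INST, JMP, JCC, CALL, RET, JUNK = "inst", "jmp", "jcc", "call", "ret", "junk"
CONDITIONAL = {"je", "jne", "jz", "jnz", "jl", "jg", "loop"}
JUNK_MNEMONICS = {"nop"}  # assumption: the junk the rewriting engine knows

def build_cfg(program):
    """program: [(address, mnemonic, operand)] in address order. Returns
    (entry, {addr: (type, [successors])}); fall-through is the next entry."""
    addrs = [a for a, _, _ in program]
    cfg = OrderedDict()
    for i, (addr, mnem, arg) in enumerate(program):
        fall = [addrs[i + 1]] if i + 1 < len(addrs) else []
        if mnem == "ret":
            cfg[addr] = (RET, [])
        elif mnem == "jmp":
            cfg[addr] = (JMP, [arg])
        elif mnem in CONDITIONAL:
            cfg[addr] = (JCC, fall + [arg])  # fall-through first, then target
        elif mnem == "call":
            cfg[addr] = (CALL, fall)  # callee not inlined
        elif mnem in JUNK_MNEMONICS:
            cfg[addr] = (JUNK, fall)
        else:
            cfg[addr] = (INST, fall)
    return addrs[0], cfg

def _bypass(cfg, entry, node, target):
    """Delete `node`; every edge that entered it now enters `target`."""
    del cfg[node]
    for a, (t, succ) in list(cfg.items()):
        cfg[a] = (t, [target if s == node else s for s in succ])
    return target if entry == node else entry

def reduce_cfg(entry, cfg):
    """Rewrite to a fixpoint. Rule 1: junk nodes vanish. Rule 2: an
    unconditional jmp is glue, predecessors point at its target. Rule 3:
    inst -> inst, the second reachable only from the first, merges into one
    node, so expanding one instruction into several keeps the shape."""
    cfg = OrderedDict((a, (t, list(s))) for a, (t, s) in cfg.items())
    changed = True
    while changed:
        changed = False
        for node, (typ, succ) in list(cfg.items()):
            nxt = succ[0] if len(succ) == 1 and succ[0] in cfg else None
            if nxt is None or nxt == node:
                continue
            if typ in (JUNK, JMP):
                entry = _bypass(cfg, entry, node, nxt)
            elif (typ == INST and cfg[nxt][0] == INST and nxt != entry
                  and [a for a, (_, s) in cfg.items() if nxt in s] == [node]):
                cfg[node] = (INST, list(cfg[nxt][1]))
                del cfg[nxt]
            else:
                continue
            changed = True
            break
    return entry, cfg

def unfold(cfg, node, depth):
    """Depth-bounded tree unfolding from `node`: the finite tree a tree
    automaton would read; here the automaton is a plain tuple comparison."""
    typ, succ = cfg[node]
    if depth == 0:
        return (typ,)
    return (typ,) + tuple(unfold(cfg, s, depth - 1) for s in succ if s in cfg)

def scan(program, signatures, depth=3):
    """{name: [addresses whose unfolding equals the signature's]}."""
    _, cfg = reduce_cfg(*build_cfg(program))
    hits = {}
    for name, (sig_entry, sig_cfg) in signatures.items():
        want = unfold(sig_cfg, sig_entry, depth)
        hits[name] = [a for a in cfg if unfold(cfg, a, depth) == want]
    return hits

# Constructed signature: decryption loop (body, conditional jump back, ret).
DECRYPT_LOOP = ("s0", OrderedDict([("s0", (INST, ["s1"])),
                                   ("s1", (JCC, ["s2", "s0"])),
                                   ("s2", (RET, []))]))
SIGNATURES = {"decrypt-loop": DECRYPT_LOOP}

# Constructed samples: MUTATED is PLAIN after junk insertion (nop), jump
# insertion (body moved behind a jmp) and substitution (inc esi -> add esi, 1).
PLAIN = [(0x00, "mov", "ecx, 16"), (0x05, "mov", "esi, buf"),
         (0x0a, "xor", "byte [esi], 0x5a"), (0x0d, "inc", "esi"),
         (0x0e, "loop", 0x0a), (0x10, "ret", None)]
MUTATED = [(0x00, "mov", "ecx, 16"), (0x05, "jmp", 0x20), (0x20, "nop", None),
           (0x21, "mov", "esi, buf"), (0x26, "nop", None),
           (0x27, "xor", "byte [esi], 0x5a"), (0x2a, "add", "esi, 1"),
           (0x2d, "nop", None), (0x2e, "loop", 0x27), (0x30, "jmp", 0x40),
           (0x40, "ret", None)]
BENIGN = [(0x00, "push", "ebp"), (0x01, "mov", "ebp, esp"), (0x03, "call", 0x100),
          (0x08, "test", "eax, eax"), (0x0a, "jne", 0x0e),
          (0x0c, "xor", "eax, eax"), (0x0e, "ret", None)]

if __name__ == "__main__":
    for name, prog in (("plain", PLAIN), ("mutated", MUTATED), ("benign", BENIGN)):
        print(name, scan(prog, SIGNATURES))
```

Running the file reports the loop in PLAIN at 0x0a and in MUTATED at 0x27, and nothing in BENIGN: a byte-level signature for PLAIN would miss MUTATED, whereas after rewriting both reduce to the same four-node shape. Two caveats a practitioner should carry over to a real engine: the unfolding depth is a tuning knob (too small and unrelated loops collide, too large and unfoldings of nested loops grow exponentially), and comparing tuples one signature at a time is what a tree automaton avoids, since all signatures compile into one automaton that walks each sample once.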

Record in standard format (ISO 2709)

See the documentation on the Inist Standard format.

pA  
A01 01  1    @0 1772-9890
A03   1    @0 J. comput. virol.
A05       @2 5
A06       @2 3
A08 01  1  ENG  @1 Architecture of a morphological malware detector : EICAR 2008
A11 01  1    @1 BONFANTE (Guillaume)
A11 02  1    @1 KACZMAREK (Matthieu)
A11 03  1    @1 MARION (Jean-Yves)
A14 01      @1 Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239 @2 54506 Vandœuvre-lès-Nancy @3 FRA @Z 1 aut. @Z 2 aut. @Z 3 aut.
A20       @1 263-270
A21       @1 2009
A23 01      @0 ENG
A43 01      @1 INIST @2 27849 @5 354000170957880070
A44       @0 0000 @1 © 2010 INIST-CNRS. All rights reserved.
A45       @0 20 ref.
A47 01  1    @0 10-0051671
A60       @1 P
A61       @0 A
A64 01  1    @0 Journal in computer virology
A66 01      @0 FRA
C01 01    ENG  @0 Most malware detectors are based on syntactic signatures that identify known malicious programs. Up to now this architecture has been sufficiently efficient to overcome most malware attacks. Nevertheless, the complexity of malicious code still increases. As a result, the time required to reverse engineer malicious programs and to forge new signatures is increasingly longer. This study proposes an efficient construction of a morphological malware detector, that is, a detector which associates syntactic and semantic analysis. It aims at facilitating the task of malware analysts by providing some abstraction on the signature representation, which is based on control flow graphs. We build an efficient signature matching engine over tree automata techniques. Moreover, we describe a generic graph rewriting engine in order to deal with classic mutation techniques. Finally, we provide a preliminary evaluation of the detection strategy by carrying out experiments on a malware collection.
C02 01  X    @0 001D02B07C
C03 01  X  FRE  @0 Sécurité informatique @5 06
C03 01  X  ENG  @0 Computer security @5 06
C03 01  X  SPA  @0 Seguridad informatica @5 06
C03 02  X  FRE  @0 Analyse syntaxique @5 07
C03 02  X  ENG  @0 Syntactic analysis @5 07
C03 02  X  SPA  @0 Análisis sintáxico @5 07
C03 03  X  FRE  @0 Attaque informatique @5 08
C03 03  X  ENG  @0 Computer attack @5 08
C03 03  X  SPA  @0 Ataque informática @5 08
C03 04  X  FRE  @0 Analyse sémantique @5 09
C03 04  X  ENG  @0 Semantic analysis @5 09
C03 04  X  SPA  @0 Análisis semántico @5 09
C03 05  X  FRE  @0 Automate arbre @5 10
C03 05  X  ENG  @0 Tree automaton @5 10
C03 05  X  SPA  @0 Autómata árbol @5 10
C03 06  X  FRE  @0 Rétroingénierie @5 18
C03 06  X  ENG  @0 Reverse engineering @5 18
C03 06  X  SPA  @0 Ingeniera inversa @5 18
C03 07  X  FRE  @0 Abstraction @5 19
C03 07  X  ENG  @0 Abstraction @5 19
C03 07  X  SPA  @0 Abstracción @5 19
C03 08  X  FRE  @0 Réécriture @5 20
C03 08  X  ENG  @0 Rewriting @5 20
C03 08  X  SPA  @0 Reescritura @5 20
C03 09  X  FRE  @0 Transformation graphe @5 23
C03 09  X  ENG  @0 Graph transformation @5 23
C03 09  X  SPA  @0 Transformación grafo @5 23
C03 10  X  FRE  @0 . @4 INC @5 82
N21       @1 032
N44 01      @1 OTO
N82       @1 OTO

Links to Exploration step

Pascal:10-0051671

To manipulate this document under Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/PascalFrancis/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000244 | SxmlIndent | more

Or

HfdSelect -h $EXPLOR_AREA/Data/PascalFrancis/Corpus/biblio.hfd -nk 000244 | SxmlIndent | more

To link to this page from within the Wicri network

{{Explor lien
   |wiki=    Wicri/Lorraine
   |area=    InforLorV4
   |flux=    PascalFrancis
   |étape=   Corpus
   |type=    RBID
   |clé=     Pascal:10-0051671
   |texte=   Architecture of a morphological malware detector : EICAR 2008
}}

Wicri

This area was generated with Dilib version V0.6.33.
Data generation: Mon Jun 10 21:56:28 2019. Site generation: Fri Feb 25 15:29:27 2022