Exploration server for computer science research in Lorraine

Warning: this site is under development.
Warning: this site is generated automatically from raw corpora.
The information has therefore not been validated.

Architecture of a morphological malware detector

Internal identifier: 002C17 (Istex/Corpus); previous: 002C16; next: 002C18

Architecture of a morphological malware detector

Authors: Guillaume Bonfante; Matthieu Kaczmarek; Jean-Yves Marion

Source:

RBID : ISTEX:BA4B8A0EB4255540EEEB6D10986D68BE2E383B5B

Abstract

Abstract: Most malware detectors are based on syntactic signatures that identify known malicious programs. Up to now this architecture has been efficient enough to overcome most malware attacks. Nevertheless, the complexity of malicious code is still increasing. As a result, the time required to reverse engineer malicious programs and to forge new signatures is increasingly long. This study proposes an efficient construction of a morphological malware detector, that is, a detector which associates syntactic and semantic analysis. It aims at facilitating the task of malware analysts by providing some abstraction on the signature representation, which is based on control flow graphs. We build an efficient signature matching engine over tree automata techniques. Moreover, we describe a generic graph rewriting engine in order to deal with classic mutation techniques. Finally, we provide a preliminary evaluation of the detection strategy by carrying out experiments on a malware collection.
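The pipeline the abstract describes (control-flow-graph abstraction, graph rewriting to undo mutations, then signature matching) can be illustrated on a toy scale. The following Python is an added example written for this page, not the authors' detector: the mini instruction set, the labels, the two rewrite rules and the three listings are all constructed assumptions, and the matching step is a simplified prefix match over the graph's tree unfolding rather than the tree-automaton construction the paper builds.

```python
"""Toy morphological detector (added illustration, not the paper's code).

Pipeline: parse a constructed mini-assembly -> abstract control-flow graph
(each instruction reduced to its control-flow role) -> normalise with two
assumed graph-rewriting rules -> match a CFG signature as a prefix of the
sample's tree unfolding.
"""
from collections import defaultdict


def parse(listing):
    """'L1: xor ecx,ecx' -> ('L1', 'xor', 'ecx,ecx'). Every line carries a label (toy ISA)."""
    prog = []
    for line in listing.strip().splitlines():
        label, _, rest = line.strip().partition(":")
        op, _, arg = rest.strip().partition(" ")
        prog.append((label.strip(), op, arg.strip() or None))
    return prog


def build_cfg(prog):
    """Return (kind, succ): kind[label] is 'inst', 'jmp', 'jcc', 'call' or 'ret';
    succ[label] lists successors in fixed order (fallthrough first, branch target second)."""
    kind, succ = {}, {}
    for i, (label, op, arg) in enumerate(prog):
        fall = prog[i + 1][0] if i + 1 < len(prog) else None
        if op == "jmp":
            kind[label], succ[label] = "jmp", [arg]
        elif op == "jcc":
            kind[label], succ[label] = "jcc", [fall, arg]
        elif op == "ret":
            kind[label], succ[label] = "ret", []
        else:  # call, mov, xor, nop, ...: intra-procedural fallthrough only
            kind[label] = "call" if op == "call" else "inst"
            succ[label] = [fall] if fall else []
    return kind, succ


def preds(succ):
    p = defaultdict(list)
    for n, ss in succ.items():
        for s in ss:
            p[s].append(n)
    return p


def rewrite(kind, succ, entry):
    """Apply two assumed normalisation rules to a fixpoint:
      R1 (junk removal): an 'inst' node whose only successor is an 'inst' node
         with no other predecessor absorbs it, so straight-line code of any
         length becomes one node (defeats junk insertion / substitution).
      R2 (jump removal): an unconditional 'jmp' that is not the entry is
         bypassed, its predecessors pointing straight at its target
         (defeats jump insertion / code reordering).
    Each application deletes a node, so the loop terminates."""
    kind, succ = dict(kind), {n: list(s) for n, s in succ.items()}
    changed = True
    while changed:
        changed = False
        p = preds(succ)
        for n in list(kind):
            if kind[n] == "inst" and len(succ[n]) == 1:
                m = succ[n][0]
                if m in kind and m != n and m != entry and kind[m] == "inst" and p[m] == [n]:
                    succ[n] = succ[m]
                    del kind[m], succ[m]
                    changed = True
                    break
            if kind[n] == "jmp" and n != entry and succ[n] and succ[n][0] != n:
                t = succ[n][0]
                for q in p[n]:
                    succ[q] = [t if s == n else s for s in succ[q]]
                del kind[n], succ[n]
                changed = True
                break
    return kind, succ


def matches(sig_kind, sig_succ, s, kind, succ, c, seen=None):
    """Signature node s matches sample node c if their kinds agree and each
    signature child matches the sample child in the same position. A signature
    leaf is a wildcard, so the signature is a prefix of the sample's tree
    unfolding; cycles are handled coinductively via `seen`."""
    seen = set() if seen is None else seen
    if (s, c) in seen:
        return True
    if c is None or c not in kind or sig_kind[s] != kind[c]:
        return False
    sc, cc = sig_succ[s], succ[c]
    if not sc:
        return True
    if len(sc) != len(cc):
        return False
    seen.add((s, c))
    return all(matches(sig_kind, sig_succ, a, kind, succ, b, seen) for a, b in zip(sc, cc))


def normalised_cfg(listing):
    prog = parse(listing)
    kind, succ = build_cfg(prog)
    return (*rewrite(kind, succ, prog[0][0]), prog[0][0])


def detect(sig_kind, sig_succ, sig_entry, kind, succ):
    """Return the sample node where the signature is found, else None."""
    for c in kind:
        if matches(sig_kind, sig_succ, sig_entry, kind, succ, c):
            return c
    return None


# Constructed listings. SIGNATURE is a decryption-style loop; MUTATED is the same
# loop after junk insertion (nop/mov), jump insertion and block reordering;
# BENIGN is branchy straight-line code with no loop.
SIGNATURE = """
S0: xor ecx,ecx
S1: xor [edi+ecx],al
S2: inc ecx
S3: jcc S1
S4: ret
"""
MUTATED = """
M0: mov eax,0
M1: nop
M2: xor ecx,ecx
M3: jmp M8
M4: inc ecx
M5: nop
M6: jcc M8
M7: ret
M8: xor [edi+ecx],al
M9: jmp M4
"""
BENIGN = """
B0: mov eax,1
B1: cmp eax,ebx
B2: jcc B4
B3: mov eax,2
B4: ret
"""

if __name__ == "__main__":
    sk, ss, se = normalised_cfg(SIGNATURE)
    for name, sample in (("MUTATED", MUTATED), ("BENIGN", BENIGN)):
        k, s, _ = normalised_cfg(sample)
        print(name, "->", detect(sk, ss, se, k, s))
```

After rewriting, both SIGNATURE and MUTATED collapse to the same four-node shape (inst, inst, jcc with a back edge, ret), which is why the mutated copy is still caught at its entry node while the benign listing, which has no loop, is not. The rules here are deliberately minimal; a real engine would also need rules for opaque predicates, call/ret obfuscation and the ordering of jcc successors, none of which this toy handles.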

Url:
DOI: 10.1007/s11416-008-0102-4

Links to Exploration step

ISTEX:BA4B8A0EB4255540EEEB6D10986D68BE2E383B5B

The document in XML format

<record>
<TEI wicri:istexFullTextTei="biblStruct">
<teiHeader>
<fileDesc>
<titleStmt>
<title xml:lang="en">Architecture of a morphological malware detector</title>
<author>
<name sortKey="Bonfante, Guillaume" sort="Bonfante, Guillaume" uniqKey="Bonfante G" first="Guillaume" last="Bonfante">Guillaume Bonfante</name>
<affiliation>
<mods:affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Kaczmarek, Matthieu" sort="Kaczmarek, Matthieu" uniqKey="Kaczmarek M" first="Matthieu" last="Kaczmarek">Matthieu Kaczmarek</name>
<affiliation>
<mods:affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: matthieu.kaczmarek@mines-nancy.org</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Marion, Jean Yves" sort="Marion, Jean Yves" uniqKey="Marion J" first="Jean-Yves" last="Marion">Jean-Yves Marion</name>
<affiliation>
<mods:affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</mods:affiliation>
</affiliation>
</author>
</titleStmt>
<publicationStmt>
<idno type="wicri:source">ISTEX</idno>
<idno type="RBID">ISTEX:BA4B8A0EB4255540EEEB6D10986D68BE2E383B5B</idno>
<date when="2008" year="2008">2008</date>
<idno type="doi">10.1007/s11416-008-0102-4</idno>
<idno type="url">https://api.istex.fr/ark:/67375/VQC-FNF1LS00-Q/fulltext.pdf</idno>
<idno type="wicri:Area/Istex/Corpus">002C17</idno>
<idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">002C17</idno>
</publicationStmt>
<sourceDesc>
<biblStruct>
<analytic>
<title level="a" type="main" xml:lang="en">Architecture of a morphological malware detector</title>
<author>
<name sortKey="Bonfante, Guillaume" sort="Bonfante, Guillaume" uniqKey="Bonfante G" first="Guillaume" last="Bonfante">Guillaume Bonfante</name>
<affiliation>
<mods:affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Kaczmarek, Matthieu" sort="Kaczmarek, Matthieu" uniqKey="Kaczmarek M" first="Matthieu" last="Kaczmarek">Matthieu Kaczmarek</name>
<affiliation>
<mods:affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: matthieu.kaczmarek@mines-nancy.org</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Marion, Jean Yves" sort="Marion, Jean Yves" uniqKey="Marion J" first="Jean-Yves" last="Marion">Jean-Yves Marion</name>
<affiliation>
<mods:affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</mods:affiliation>
</affiliation>
</author>
</analytic>
<monogr></monogr>
<series>
<title level="j">Journal in Computer Virology</title>
<title level="j" type="abbrev">J Comput Virol</title>
<idno type="ISSN">1772-9890</idno>
<idno type="eISSN">1772-9904</idno>
<imprint>
<publisher>Springer-Verlag</publisher>
<pubPlace>Paris</pubPlace>
<date type="published" when="2009-08-01">2009-08-01</date>
<biblScope unit="volume">5</biblScope>
<biblScope unit="issue">3</biblScope>
<biblScope unit="page" from="263">263</biblScope>
<biblScope unit="page" to="270">270</biblScope>
</imprint>
<idno type="ISSN">1772-9890</idno>
</series>
</biblStruct>
</sourceDesc>
<seriesStmt>
<idno type="ISSN">1772-9890</idno>
</seriesStmt>
</fileDesc>
<profileDesc>
<textClass></textClass>
<langUsage>
<language ident="en">en</language>
</langUsage>
</profileDesc>
</teiHeader>
<front>
<div type="abstract" xml:lang="en">Abstract: Most of malware detectors are based on syntactic signatures that identify known malicious programs. Up to now this architecture has been sufficiently efficient to overcome most of malware attacks. Nevertheless, the complexity of malicious codes still increase. As a result the time required to reverse engineer malicious programs and to forge new signatures is increasingly longer. This study proposes an efficient construction of a morphological malware detector, that is a detector which associates syntactic and semantic analysis. It aims at facilitating the task of malware analysts providing some abstraction on the signature representation which is based on control flow graphs. We build an efficient signature matching engine over tree automata techniques. Moreover we describe a generic graph rewriting engine in order to deal with classic mutations techniques. Finally, we provide a preliminary evaluation of the strategy detection carrying out experiments on a malware collection.</div>
</front>
</TEI>
<istex>
<corpusName>springer-journals</corpusName>
<author>
<json:item>
<name>Guillaume Bonfante</name>
<affiliations>
<json:string>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</json:string>
</affiliations>
</json:item>
<json:item>
<name>Matthieu Kaczmarek</name>
<affiliations>
<json:string>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</json:string>
<json:string>E-mail: matthieu.kaczmarek@mines-nancy.org</json:string>
</affiliations>
</json:item>
<json:item>
<name>Jean-Yves Marion</name>
<affiliations>
<json:string>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</json:string>
</affiliations>
</json:item>
</author>
<articleId>
<json:string>102</json:string>
<json:string>s11416-008-0102-4</json:string>
</articleId>
<arkIstex>ark:/67375/VQC-FNF1LS00-Q</arkIstex>
<language>
<json:string>eng</json:string>
</language>
<originalGenre>
<json:string>OriginalPaper</json:string>
</originalGenre>
<abstract>Abstract: Most of malware detectors are based on syntactic signatures that identify known malicious programs. Up to now this architecture has been sufficiently efficient to overcome most of malware attacks. Nevertheless, the complexity of malicious codes still increase. As a result the time required to reverse engineer malicious programs and to forge new signatures is increasingly longer. This study proposes an efficient construction of a morphological malware detector, that is a detector which associates syntactic and semantic analysis. It aims at facilitating the task of malware analysts providing some abstraction on the signature representation which is based on control flow graphs. We build an efficient signature matching engine over tree automata techniques. Moreover we describe a generic graph rewriting engine in order to deal with classic mutations techniques. Finally, we provide a preliminary evaluation of the strategy detection carrying out experiments on a malware collection.</abstract>
<qualityIndicators>
<refBibsNative>false</refBibsNative>
<abstractWordCount>145</abstractWordCount>
<abstractCharCount>1000</abstractCharCount>
<keywordCount>0</keywordCount>
<score>8.307</score>
<pdfWordCount>4567</pdfWordCount>
<pdfCharCount>24564</pdfCharCount>
<pdfVersion>1.3</pdfVersion>
<pdfPageCount>8</pdfPageCount>
<pdfPageSize>595.276 x 790.866 pts</pdfPageSize>
</qualityIndicators>
<title>Architecture of a morphological malware detector</title>
<genre>
<json:string>research-article</json:string>
</genre>
<host>
<title>Journal in Computer Virology</title>
<language>
<json:string>unknown</json:string>
</language>
<publicationDate>2009</publicationDate>
<copyrightDate>2009</copyrightDate>
<issn>
<json:string>1772-9890</json:string>
</issn>
<eissn>
<json:string>1772-9904</json:string>
</eissn>
<journalId>
<json:string>11416</json:string>
</journalId>
<volume>5</volume>
<issue>3</issue>
<pages>
<first>263</first>
<last>270</last>
</pages>
<genre>
<json:string>journal</json:string>
</genre>
<subject>
<json:item>
<value>Computer Science, general</value>
</json:item>
</subject>
</host>
<ark>
<json:string>ark:/67375/VQC-FNF1LS00-Q</json:string>
</ark>
<publicationDate>2009</publicationDate>
<copyrightDate>2008</copyrightDate>
<doi>
<json:string>10.1007/s11416-008-0102-4</json:string>
</doi>
<id>BA4B8A0EB4255540EEEB6D10986D68BE2E383B5B</id>
<score>1</score>
<fulltext>
<json:item>
<extension>pdf</extension>
<original>true</original>
<mimetype>application/pdf</mimetype>
<uri>https://api.istex.fr/ark:/67375/VQC-FNF1LS00-Q/fulltext.pdf</uri>
</json:item>
<json:item>
<extension>zip</extension>
<original>false</original>
<mimetype>application/zip</mimetype>
<uri>https://api.istex.fr/ark:/67375/VQC-FNF1LS00-Q/bundle.zip</uri>
</json:item>
<istex:fulltextTEI uri="https://api.istex.fr/ark:/67375/VQC-FNF1LS00-Q/fulltext.tei">
<teiHeader>
<fileDesc>
<titleStmt>
<title level="a" type="main" xml:lang="en">Architecture of a morphological malware detector</title>
</titleStmt>
<publicationStmt>
<authority>ISTEX</authority>
<publisher scheme="https://scientific-publisher.data.istex.fr">Springer-Verlag</publisher>
<pubPlace>Paris</pubPlace>
<availability>
<licence>
<p>Springer-Verlag France, 2008</p>
</licence>
<p scheme="https://loaded-corpus.data.istex.fr/ark:/67375/XBH-3XSW68JL-F">springer</p>
</availability>
<date>2008-01-20</date>
</publicationStmt>
<notesStmt>
<note type="research-article" scheme="https://content-type.data.istex.fr/ark:/67375/XTP-1JC4F85T-7">research-article</note>
<note type="journal" scheme="https://publication-type.data.istex.fr/ark:/67375/JMC-0GLKJH51-B">journal</note>
<note>Eicar 2008 extended version</note>
</notesStmt>
<sourceDesc>
<biblStruct type="inbook">
<analytic>
<title level="a" type="main" xml:lang="en">Architecture of a morphological malware detector</title>
<author xml:id="author-0000">
<persName>
<forename type="first">Guillaume</forename>
<surname>Bonfante</surname>
</persName>
<affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</affiliation>
</author>
<author xml:id="author-0001" corresp="yes">
<persName>
<forename type="first">Matthieu</forename>
<surname>Kaczmarek</surname>
</persName>
<email>matthieu.kaczmarek@mines-nancy.org</email>
<affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</affiliation>
</author>
<author xml:id="author-0002">
<persName>
<forename type="first">Jean-Yves</forename>
<surname>Marion</surname>
</persName>
<affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</affiliation>
</author>
<idno type="istex">BA4B8A0EB4255540EEEB6D10986D68BE2E383B5B</idno>
<idno type="ark">ark:/67375/VQC-FNF1LS00-Q</idno>
<idno type="DOI">10.1007/s11416-008-0102-4</idno>
<idno type="article-id">102</idno>
<idno type="article-id">s11416-008-0102-4</idno>
</analytic>
<monogr>
<title level="j">Journal in Computer Virology</title>
<title level="j" type="abbrev">J Comput Virol</title>
<idno type="pISSN">1772-9890</idno>
<idno type="eISSN">1772-9904</idno>
<idno type="journal-ID">true</idno>
<idno type="issue-article-count">7</idno>
<idno type="volume-issue-count">4</idno>
<imprint>
<publisher>Springer-Verlag</publisher>
<pubPlace>Paris</pubPlace>
<date type="published" when="2009-08-01"></date>
<biblScope unit="volume">5</biblScope>
<biblScope unit="issue">3</biblScope>
<biblScope unit="page" from="263">263</biblScope>
<biblScope unit="page" to="270">270</biblScope>
</imprint>
</monogr>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc>
<creation>
<date>2008-01-20</date>
</creation>
<langUsage>
<language ident="en">en</language>
</langUsage>
<abstract xml:lang="en">
<p>Abstract: Most of malware detectors are based on syntactic signatures that identify known malicious programs. Up to now this architecture has been sufficiently efficient to overcome most of malware attacks. Nevertheless, the complexity of malicious codes still increase. As a result the time required to reverse engineer malicious programs and to forge new signatures is increasingly longer. This study proposes an efficient construction of a morphological malware detector, that is a detector which associates syntactic and semantic analysis. It aims at facilitating the task of malware analysts providing some abstraction on the signature representation which is based on control flow graphs. We build an efficient signature matching engine over tree automata techniques. Moreover we describe a generic graph rewriting engine in order to deal with classic mutations techniques. Finally, we provide a preliminary evaluation of the strategy detection carrying out experiments on a malware collection.</p>
</abstract>
<textClass>
<keywords scheme="Journal Subject">
<list>
<head>Computer Science</head>
<item>
<term>Computer Science, general</term>
</item>
</list>
</keywords>
</textClass>
</profileDesc>
<revisionDesc>
<change when="2008-01-20">Created</change>
<change when="2009-08-01">Published</change>
</revisionDesc>
</teiHeader>
</istex:fulltextTEI>
<json:item>
<extension>txt</extension>
<original>false</original>
<mimetype>text/plain</mimetype>
<uri>https://api.istex.fr/ark:/67375/VQC-FNF1LS00-Q/fulltext.txt</uri>
</json:item>
</fulltext>
<metadata>
<istex:metadataXml wicri:clean="corpus springer-journals not found" wicri:toSee="no header">
<istex:xmlDeclaration>version="1.0" encoding="UTF-8"</istex:xmlDeclaration>
<istex:docType PUBLIC="-//Springer-Verlag//DTD A++ V2.4//EN" URI="http://devel.springer.de/A++/V2.4/DTD/A++V2.4.dtd" name="istex:docType"></istex:docType>
<istex:document>
<Publisher>
<PublisherInfo>
<PublisherName>Springer-Verlag</PublisherName>
<PublisherLocation>Paris</PublisherLocation>
</PublisherInfo>
<Journal OutputMedium="All">
<JournalInfo JournalProductType="ArchiveJournal" NumberingStyle="ContentOnly">
<JournalID>11416</JournalID>
<JournalPrintISSN>1772-9890</JournalPrintISSN>
<JournalElectronicISSN>1772-9904</JournalElectronicISSN>
<JournalTitle>Journal in Computer Virology</JournalTitle>
<JournalAbbreviatedTitle>J Comput Virol</JournalAbbreviatedTitle>
<JournalSubjectGroup>
<JournalSubject Type="Primary">Computer Science</JournalSubject>
<JournalSubject Type="Secondary">Computer Science, general</JournalSubject>
</JournalSubjectGroup>
</JournalInfo>
<Volume OutputMedium="All">
<VolumeInfo TocLevels="0" VolumeType="Regular">
<VolumeIDStart>5</VolumeIDStart>
<VolumeIDEnd>5</VolumeIDEnd>
<VolumeIssueCount>4</VolumeIssueCount>
</VolumeInfo>
<Issue IssueType="Regular" OutputMedium="All">
<IssueInfo IssueType="Regular" TocLevels="0">
<IssueIDStart>3</IssueIDStart>
<IssueIDEnd>3</IssueIDEnd>
<IssueArticleCount>7</IssueArticleCount>
<IssueHistory>
<OnlineDate>
<Year>2009</Year>
<Month>7</Month>
<Day>18</Day>
</OnlineDate>
<PrintDate>
<Year>2009</Year>
<Month>7</Month>
<Day>17</Day>
</PrintDate>
<CoverDate>
<Year>2009</Year>
<Month>8</Month>
</CoverDate>
<PricelistYear>2009</PricelistYear>
</IssueHistory>
<IssueCopyright>
<CopyrightHolderName>Springer-Verlag France</CopyrightHolderName>
<CopyrightYear>2009</CopyrightYear>
</IssueCopyright>
</IssueInfo>
<Article ID="s11416-008-0102-4" OutputMedium="All">
<ArticleInfo ArticleType="OriginalPaper" ContainsESM="No" Language="En" NumberingStyle="ContentOnly" TocLevels="0">
<ArticleID>102</ArticleID>
<ArticleDOI>10.1007/s11416-008-0102-4</ArticleDOI>
<ArticleSequenceNumber>7</ArticleSequenceNumber>
<ArticleTitle Language="En">Architecture of a morphological malware detector</ArticleTitle>
<ArticleCategory>Eicar 2008 extended version</ArticleCategory>
<ArticleFirstPage>263</ArticleFirstPage>
<ArticleLastPage>270</ArticleLastPage>
<ArticleHistory>
<RegistrationDate>
<Year>2008</Year>
<Month>7</Month>
<Day>18</Day>
</RegistrationDate>
<Received>
<Year>2008</Year>
<Month>1</Month>
<Day>20</Day>
</Received>
<Revised>
<Year>2008</Year>
<Month>7</Month>
<Day>10</Day>
</Revised>
<Accepted>
<Year>2008</Year>
<Month>7</Month>
<Day>17</Day>
</Accepted>
<OnlineDate>
<Year>2008</Year>
<Month>9</Month>
<Day>27</Day>
</OnlineDate>
</ArticleHistory>
<ArticleCopyright>
<CopyrightHolderName>Springer-Verlag France</CopyrightHolderName>
<CopyrightYear>2008</CopyrightYear>
</ArticleCopyright>
<ArticleGrants Type="Regular">
<MetadataGrant Grant="OpenAccess"></MetadataGrant>
<AbstractGrant Grant="OpenAccess"></AbstractGrant>
<BodyPDFGrant Grant="Restricted"></BodyPDFGrant>
<BodyHTMLGrant Grant="Restricted"></BodyHTMLGrant>
<BibliographyGrant Grant="Restricted"></BibliographyGrant>
<ESMGrant Grant="Restricted"></ESMGrant>
</ArticleGrants>
</ArticleInfo>
<ArticleHeader>
<AuthorGroup>
<Author AffiliationIDS="Aff1">
<AuthorName DisplayOrder="Western">
<GivenName>Guillaume</GivenName>
<FamilyName>Bonfante</FamilyName>
</AuthorName>
</Author>
<Author AffiliationIDS="Aff1" CorrespondingAffiliationID="Aff1">
<AuthorName DisplayOrder="Western">
<GivenName>Matthieu</GivenName>
<FamilyName>Kaczmarek</FamilyName>
</AuthorName>
<Contact>
<Email>matthieu.kaczmarek@mines-nancy.org</Email>
</Contact>
</Author>
<Author AffiliationIDS="Aff1">
<AuthorName DisplayOrder="Western">
<GivenName>Jean-Yves</GivenName>
<FamilyName>Marion</FamilyName>
</AuthorName>
</Author>
<Affiliation ID="Aff1">
<OrgName>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy</OrgName>
<OrgAddress>
<Postbox>B.P. 239</Postbox>
<Postcode>54506</Postcode>
<City>Vandœuvre-lès-Nancy Cédex</City>
<Country Code="FR">France</Country>
</OrgAddress>
</Affiliation>
</AuthorGroup>
<Abstract ID="Abs1" Language="En">
<Heading>Abstract</Heading>
<Para>Most of malware detectors are based on syntactic signatures that identify known malicious programs. Up to now this architecture has been sufficiently efficient to overcome most of malware attacks. Nevertheless, the complexity of malicious codes still increase. As a result the time required to reverse engineer malicious programs and to forge new signatures is increasingly longer. This study proposes an efficient construction of a morphological malware detector, that is a detector which associates syntactic and semantic analysis. It aims at facilitating the task of malware analysts providing some abstraction on the signature representation which is based on control flow graphs. We build an efficient signature matching engine over tree automata techniques. Moreover we describe a generic graph rewriting engine in order to deal with classic mutations techniques. Finally, we provide a preliminary evaluation of the strategy detection carrying out experiments on a malware collection.</Para>
</Abstract>
</ArticleHeader>
<NoBody></NoBody>
</Article>
</Issue>
</Volume>
</Journal>
</Publisher>
</istex:document>
</istex:metadataXml>
<mods version="3.6">
<titleInfo lang="en">
<title>Architecture of a morphological malware detector</title>
</titleInfo>
<titleInfo type="alternative" contentType="CDATA">
<title>Architecture of a morphological malware detector</title>
</titleInfo>
<name type="personal">
<namePart type="given">Guillaume</namePart>
<namePart type="family">Bonfante</namePart>
<affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</affiliation>
<role>
<roleTerm type="text">author</roleTerm>
</role>
</name>
<name type="personal" displayLabel="corresp">
<namePart type="given">Matthieu</namePart>
<namePart type="family">Kaczmarek</namePart>
<affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</affiliation>
<affiliation>E-mail: matthieu.kaczmarek@mines-nancy.org</affiliation>
<role>
<roleTerm type="text">author</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Jean-Yves</namePart>
<namePart type="family">Marion</namePart>
<affiliation>Nancy-Université, Loria, INPL, Ecole Nationale Supérieure des Mines de Nancy, B.P. 239, 54506, Vandœuvre-lès-Nancy Cédex, France</affiliation>
<role>
<roleTerm type="text">author</roleTerm>
</role>
</name>
<typeOfResource>text</typeOfResource>
<genre type="research-article" displayLabel="OriginalPaper" authority="ISTEX" authorityURI="https://content-type.data.istex.fr" valueURI="https://content-type.data.istex.fr/ark:/67375/XTP-1JC4F85T-7">research-article</genre>
<originInfo>
<publisher>Springer-Verlag</publisher>
<place>
<placeTerm type="text">Paris</placeTerm>
</place>
<dateCreated encoding="w3cdtf">2008-01-20</dateCreated>
<dateIssued encoding="w3cdtf">2009-08-01</dateIssued>
<copyrightDate encoding="w3cdtf">2008</copyrightDate>
</originInfo>
<language>
<languageTerm type="code" authority="rfc3066">en</languageTerm>
<languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</language>
<abstract lang="en">Abstract: Most of malware detectors are based on syntactic signatures that identify known malicious programs. Up to now this architecture has been sufficiently efficient to overcome most of malware attacks. Nevertheless, the complexity of malicious codes still increase. As a result the time required to reverse engineer malicious programs and to forge new signatures is increasingly longer. This study proposes an efficient construction of a morphological malware detector, that is a detector which associates syntactic and semantic analysis. It aims at facilitating the task of malware analysts providing some abstraction on the signature representation which is based on control flow graphs. We build an efficient signature matching engine over tree automata techniques. Moreover we describe a generic graph rewriting engine in order to deal with classic mutations techniques. Finally, we provide a preliminary evaluation of the strategy detection carrying out experiments on a malware collection.</abstract>
<note>Eicar 2008 extended version</note>
<relatedItem type="host">
<titleInfo>
<title>Journal in Computer Virology</title>
</titleInfo>
<titleInfo type="abbreviated">
<title>J Comput Virol</title>
</titleInfo>
<genre type="journal" authority="ISTEX" authorityURI="https://publication-type.data.istex.fr" valueURI="https://publication-type.data.istex.fr/ark:/67375/JMC-0GLKJH51-B">journal</genre>
<originInfo>
<publisher>Springer</publisher>
<dateIssued encoding="w3cdtf">2009-07-18</dateIssued>
<copyrightDate encoding="w3cdtf">2009</copyrightDate>
</originInfo>
<subject>
<genre>Computer Science</genre>
<topic>Computer Science, general</topic>
</subject>
<identifier type="ISSN">1772-9890</identifier>
<identifier type="eISSN">1772-9904</identifier>
<identifier type="JournalID">11416</identifier>
<identifier type="IssueArticleCount">7</identifier>
<identifier type="VolumeIssueCount">4</identifier>
<part>
<date>2009</date>
<detail type="volume">
<number>5</number>
<caption>vol.</caption>
</detail>
<detail type="issue">
<number>3</number>
<caption>no.</caption>
</detail>
<extent unit="pages">
<start>263</start>
<end>270</end>
</extent>
</part>
<recordInfo>
<recordOrigin>Springer-Verlag France, 2009</recordOrigin>
</recordInfo>
</relatedItem>
<identifier type="istex">BA4B8A0EB4255540EEEB6D10986D68BE2E383B5B</identifier>
<identifier type="ark">ark:/67375/VQC-FNF1LS00-Q</identifier>
<identifier type="DOI">10.1007/s11416-008-0102-4</identifier>
<identifier type="ArticleID">102</identifier>
<identifier type="ArticleID">s11416-008-0102-4</identifier>
<accessCondition type="use and reproduction" contentType="copyright">Springer-Verlag France, 2008</accessCondition>
<recordInfo>
<recordContentSource authority="ISTEX" authorityURI="https://loaded-corpus.data.istex.fr" valueURI="https://loaded-corpus.data.istex.fr/ark:/67375/XBH-3XSW68JL-F">springer</recordContentSource>
<recordOrigin>Springer-Verlag France, 2008</recordOrigin>
</recordInfo>
</mods>
<json:item>
<extension>json</extension>
<original>false</original>
<mimetype>application/json</mimetype>
<uri>https://api.istex.fr/ark:/67375/VQC-FNF1LS00-Q/record.json</uri>
</json:item>
</metadata>
<serie></serie>
</istex>
</record>

To manipulate this document under Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Istex/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 002C17 | SxmlIndent | more

Or

HfdSelect -h $EXPLOR_AREA/Data/Istex/Corpus/biblio.hfd -nk 002C17 | SxmlIndent | more

To add a link to this page in the Wicri network

{{Explor lien
   |wiki=    Wicri/Lorraine
   |area=    InforLorV4
   |flux=    Istex
   |étape=   Corpus
   |type=    RBID
   |clé=     ISTEX:BA4B8A0EB4255540EEEB6D10986D68BE2E383B5B
   |texte=   Architecture of a morphological malware detector
}}

Wicri

This area was generated with Dilib version V0.6.33.
Data generation: Mon Jun 10 21:56:28 2019. Site generation: Fri Feb 25 15:29:27 2022