NDLI: Function extraction technology: computing the behavior of malware.

Please wait, while we are loading the content...

Function extraction technology: computing the behavior of malware.

Content Provider	CiteSeerX
Author	Linger, Rick Sayre, Kirk Daly, Tim Pleszkoch, Mark
Abstract	Current methods of malware analysis are increasingly challenged by the scope and sophistication of attacks. Recent advances in software behavior computation illuminate an opportunity to compute the behavior of malware at machine speeds, to aid in understanding intruder methods and developing countermeasures. The behavior computation process helps eliminate certain forms of malware obfuscation and computes the net effects of the remaining functional code. This paper describes behavior computation technology and provides an example of its use in malware analysis. 1. A malware vulnerability Malware often exhibits a fundamental vulnerability that can be exploited by defenders. No matter how a malware package is obfuscated, and no matter what attack strategy it implements, it must ultimately execute on a target machine to achieve its objectives. That is, the intended behavior of a malware package must be realized through ordinary execution of instructions and manipulation of memory, just as must the intended behavior of legitimate software. A potential Achilles heel of malware is literally its functional behavior which must achieve a purpose intended by the attacker. This paper describes application of software behavior computation to help eliminate certain forms of obfuscation in malware and derive the net behavior of the remaining functional code. This malware vulnerability is being exploited through research and development carried out by the
File Format	PDF
Access Restriction	Open
Subject Keyword	Function Extraction Technology Malware Analysis Malware Package Intended Behavior Software Behavior Computation Functional Code Certain Form Fundamental Vulnerability Net Effect Malware Vulnerability Malware Potential Achilles Heel Target Machine Understanding Intruder Method Functional Behavior Machine Speed Malware Obfuscation Legitimate Software Behavior Computation Process Recent Advance Net Behavior Behavior Computation Technology Ordinary Execution Malware Vulnerability Current Method
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in