
Static Analysis of Executables to Detect Malicious Patterns (2003)  (9 citations)
Mihai Christodorescu, Somesh Jha




Abstract: Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malicious code writers attempt to obfuscate the malicious code to subvert the malicious code detectors, such as anti-virus software. We tested the resilience of three commercial virus...

Cited by:
Model Checking x86 Executables - With Codesurfer And
TTAnalyze: A Tool for Analyzing Malware - Bayer, Kruegel, Kirda (2006)
Static Disassembly of Obfuscated Binaries - Kruegel, Robertson, Valeur, Vigna (2004)

Active bibliography (related documents):
5.2:   Static Analysis of Executables to Detect Malicious Patterns - Christodorescu, Jha (2003)
0.9:   Unknown -
0.4:   c) 2003 IEEE. Personal use of this material is permitted. .. - Reprint Republish This (2006)

Similar documents based on text:
0.2:   Opening Pandora's Box: - Using Binary Code
0.1:   Using Binary Code Rewrite to Bypass License Checks - Tevfik Kosar Mihai

Related documents from co-citation:
5:   Code Red Worm Propagation Modeling and Analysis - Zou, Gong et al. - 2002
5:   PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities - Cowan, Beattie et al. - 2003
5:   Address Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Err.. - Bhatkar, DuVarney et al. - 2003

BibTeX entry:

M. Christodorescu and S. Jha. Static Analysis of Executables to Detect Malicious Patterns. In Proceedings of the 12th USENIX Security Symposium, pages 169--186, August 2003. http://citeseer.ist.psu.edu/article/christodorescu03static.html

@misc{ christodorescu03static,
  author = "M. Christodorescu and S. Jha",
  title = "Static Analysis of Executables to Detect Malicious Patterns",
  text = "M. Christodorescu and S. Jha. Static Analysis of Executables to Detect
    Malicious Patterns. In Proceedings of the 12th USENIX Security Symposium,
    pages 169--186, August 2003.",
  year = "2003",
  url = "citeseer.ist.psu.edu/article/christodorescu03static.html" }
Citations (may not include all citations):
1911   Introduction to Automata Theory - Hopcroft, Motwani et al. - 2001
390   Interprocedural slicing using dependence graphs - Horwitz, Reps et al. - 1990
322   First-Order Logic and Automated Theorem Proving - Fitting - 1996
292   Advanced Compiler Design and Implementation - Muchnick - 1997
270   Bandera: Extracting finite-state models from Java source cod.. - Corbett, Dwyer et al. - 2000
250   Automatic discovery of linear restraints among variables of .. - Cousot, Halbwachs - 1978
201   to Typed Assembly Language - Morrisett, Walker et al. - 1998
134   PVS: Combining specification - Owre, Rajan et al. - 1996
129   Precise interprocedural dataflow analysis via graph reachabi.. - Reps, Horwitz et al. - 1995
108   Automatically validating temporal safety properties of inter.. - Ball, Rajamani - 2001
97   Stack-Based Typed Assembly Language - Morrisett, Crary et al. - 1998
90   Last accessed: 3 February - Labs, www et al. - 2003
86   A precise interprocedural data flow algorithm - Myers - 1981
69   How to 0wn the internet in your spare time - Staniford, Paxson et al. - 2002
68   ACM Letters on Programming Languages and Systems - Landi, static - 1992
58   MOPS: an infrastructure for examining security properties of.. - Chen, Wagner - 2002
54   Intrusion detection via static analysis - Wagner, Dean - 2001
52   Checking for race conditions in file accesses - Bishop, Dilger - 1996
49   possibility of obfuscating programs - Barak, Goldreich et al. - 2001
47   IRM enforcement of Java stack inspection - Erlingsson, Schneider - 2000
46   Using programmer-written compiler extensions to catch securi.. - Ashcraft, Engler - 2002
40   A taxonomy of obfuscating transformations - Collberg, Thomborson et al. - 1997
38   and stealthy opaque constructs - Collberg, Thomborson et al. - 1998
34   Efficient algorithms for model checking pushdown systems - Esparza, Hansel et al. - 2000
31   Safety-Checking of Machine Code - Xu - 2000
28   spread SapphireSlammer worm - Savage, Staniford et al. - 2003
21   Verification of control flow based security properties - Jensen, Metayer et al. - 1999
20   Physical type checking for C - Chandra, Reps - 1999
12   Detecting manipulated remote call streams - Giffin, Jha et al. - 2002
10   Computers and Security - Cohen, Theory - 1987
10   MCF: A malicious code filter - Lo, Levitt et al. - 1995
9   Hunting for metamorphic - Szor, Ferrie - 2001
7   Denial of service attacks - Center - 2001
6   Attacking malicious code: Report to the infosec research cou.. - McGraw, Morrisett - 2000
4   Polymorphic virus detection module - Nachenberg - 1998
4   Polymorphic virus detection module - Nachenberg - 1997
4   An undetectable computer virus - Chess, White - 2000
3   Automated reverse engineering: Mistfall engine - mbie - 2003
2   Ida pro -- interactive disassembler - sa - 2003
2   Codesurfer -- code analysis and understanding tool - Inc - 2003
2   Last accessed: 3 February - mbie, mbie's et al. - 2003
2   Virus Analysis Library - Wang, the et al. - 1998
2   Last accessed: 3 February - mbie, engine et al. - 2003
2   Improving computer security using extending static checking - Chess - 2002
1   volume Expanded Threat List and Virus Encyclopaedia - Samamura, CIH - 1998
1   volume Virus List Encyclopaedia - Kaspersky, an - 2002
http://research.compaq.com/SRC/esc/simplify.html





Documents on the same site (http://www.cs.wisc.edu/~mihai/my_work/papers/index.html):
Static Analysis of Executables to Detect Malicious Patterns - Christodorescu, Jha (2003)
Using Binary Code Rewrite to Bypass License Checks - Tevfik Kosar Mihai


CiteSeer.IST - Copyright Penn State and NEC