Code obfuscation techniques for metamorphic viruses

Cited by: 98
Authors
Borello, Jean-Marie [1, 2]
Me, Ludovic [3]
Affiliations
[1] CELAR, BP 7419, F-35174 Bruz, France
[2] ESAT, Lab Virol & Cryptol, F-35998 Rennes, France
[3] SUPELEC, SSIR, EA 4039, Rennes, France
Keywords
Computational complexity
DOI
10.1007/s11416-008-0084-2
Chinese Library Classification number
TP [Automation technology, computer technology]
Subject classification code
0812
Abstract
This paper deals with metamorphic viruses. More precisely, it examines the use of advanced code obfuscation techniques with respect to metamorphic viruses. Our objective is to evaluate the difficulty of a reliable static detection of viruses that use such obfuscation techniques. Here we extend Spinellis' result (IEEE Trans. Inform. Theory, 49(1), 280-284, 2003) on the detection complexity of bounded-length polymorphic viruses to metamorphic viruses. In particular, we prove that reliable static detection of a particular category of metamorphic viruses is an NP-complete problem. Then we empirically illustrate our result by constructing a practical obfuscator which could be used by metamorphic viruses in the future to evade detection.
Pages: 211-220
Number of pages: 10