11th Working Conference on Reverse Engineering (WCRE 2004)
Imposing Order on Program Statements to Assist Anti-Virus Scanners
Delft, The Netherlands
November 08-November 12
ISBN: 0-7695-2243-2
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/WCRE.2004.24
A metamorphic virus applies semantics-preserving transformations to itself to create a different variant before propagation. Metamorphic computer viruses thwart current anti-virus technologies that use signatures — a fixed sequence of bytes from a sample of a virus — since two variants of a metamorphic virus may not share the same signature. A method to impose an order on the statements and components of expressions of a program is presented. The method, called a "zeroing transformation," reduces the number of possible variants of a program created by reordering statements, reshaping expressions, and renaming variables. On a collection of C programs used for evaluation, the zeroing transformation reduced the space of program variants due to statement reordering from 10^183 to 10^20. Further reduction can be expected by undoing other transformations. Anti-virus technologies may be improved by extracting signatures from the zero form of a virus, and not the original version.
Citation:
Arun Lakhotia, Moinuddin Mohammed, "Imposing Order on Program Statements to Assist Anti-Virus Scanners," wcre, pp.161-170, 11th Working Conference on Reverse Engineering (WCRE 2004), 2004