Information about calls to the operating system (or kernel libraries) made by a binary executable may be used to determine whether the binary is malicious. Being aware of this approach, malicious programmers hide this information by making such calls without using the call instruction. For instance, the ‘call addr’ instruction may be replaced by two push instructions and a return instruction: the first push pushes the address of the instruction after the return instruction, and the second push pushes the address addr. The code may be further obfuscated by spreading the three instructions apart and by splitting each instruction into multiple instructions. This paper presents a method to statically detect obfuscated calls in binary code. The notion of ...
A technique to improve computer security is to test an executable for the presence of malicious code...
International audienceWe present an approach for proactive malware detection by working on an abstra...
A rootkit is a collection of tools used by intruders to keep the legitimate users and administrators...
A method for context-sensitive analysis of binaries that may have obfuscated procedure call and retu...
Intrusion detection systems that monitor sequences of system calls have recently become more sophist...
Buffer overflow and heap overflow injection attacks have been studied for some time. Recent techniqu...
By restoring the program into an easier understandable form, deobfuscation is an important technique...
As malicious software gets increasingly sophisticated and resilient to detection, new concepts for ...
Static binary analysis is being used extensively for detecting security flaws in binary programs. Mu...
Since Sharir and Pnueli, algorithms for context-sensitivity have been defined in terms of ...
A detailed understanding of the behavior of exploits and malicious software is necessary to obtain a...
Malicious code is an increasingly important problem that threatens the security of computer systems....
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present ...