Malware (virus) detection using model checking

Résumé

The number of malwares that produced incidents in 2010 is more than 1.5 billion. A malware may bring serious damage, e.g., authorities investigating the 2008 crash of Spanair flight 5022 have discovered a central computer system used to monitor technical problems in the aircraft was infected with malware. Thus, it is crucial to have efficient up-to-date virus detectors. To identify viruses, existing antivirus systems use either code emulation or signature (pattern) detection. These techniques have some limitations. Indeed, emulation based techniques can only check the program's behavior in a limited time interval, whereas signature based systems are easy to get around. To sidestep these limitations, instead of executing the program or making a syntactic check over it, virus detectors need to use analysis techniques that check the behavior (not the syntax) of the program in a static way, i.e. without executing it. Towards this aim, we propose in this thesis to use model-checking for virus detection. The goal of this thesis is then to (1) develop new techniques that allow to automatically discover malicious behaviors, (2) developnew advanced model-checking techniques for malware detection that take into account the complex features of malicious programs, and (3) implement these techniques in a tool for malware detection that behaves better than the existing well-known antiviruses.

Pas de résumé disponible.