1 / 1

Abstract

Describe one way that Polymorphic Viruses in x86 executables could be detected using the Cifuentes and Gough’s decompiler. Abstract

hye
Télécharger la présentation

Abstract

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Describe one way that Polymorphic Viruses in x86 executables could be detected using the Cifuentes and Gough’s decompiler Abstract Apart form code maintenance, the decompiler can be used as a tool to detect virus in binary program. In this paper, detection of a DOS-based virus – polymorphic virus in x86 executables using the reverse compiler tool will be presented. Starting from the front-end module of the decompiler, tools like parser, disassembler and the signature generator will facilitate the decompiling processes by flagging the suspicious machine codes during intermediate code and control flow graph generation. Data flow analysis and Control flow analysis will be done in the UDM phase. In addition, malicious code could be extracted using program-slicing algorithm and the control flow graph will be modified to facilitate code generation in the back-end module. Names of variables and procedures will be renamed and information of malicious behaviors will be reported as comments within each procedure to reveal the structure and behavior of the virus.

More Related