Reference:

Andreas Holzer, Johannes Kinder, and Helmut Veith. Using verification technology to specify and detect malware. In 11th International Conference on Computer Aided Systems Theory (EUROCAST 2007), volume 4739 of Lecture Notes in Computer Science, pages 497–504. Springer, 2007.

Abstract:

Computer viruses and worms are major threats for our computer infrastructure, and thus, for economy and society at large. Recent work has demonstrated that a model checking based approach to malware detection can capture the semantics of security exploits more accurately than traditional approaches, and consequently achieve higher detection rates. In this approach, malicious behavior is formalized using the expressive specification language CTPL based on classic CTL. This paper gives an overview of our toolchain for malware detection and presents our new system for computer assisted generation of malicious code specifications.

Suggested BibTeX entry:

@inproceedings{HolzerKinderVeith-eurocast07,
    author = {Andreas Holzer and Johannes Kinder and Helmut Veith},
    booktitle = {11th International Conference on Computer Aided Systems Theory (EUROCAST 2007)},
    pages = {497--504},
    publisher = {Springer},
    series = {Lecture Notes in Computer Science},
    title = {Using Verification Technology to Specify and Detect Malware},
    volume = {4739},
    year = {2007}
}