[langsec-discuss] Studying malware in terms of LangSec

Geoffroy Couprie geo.couprie at gmail.com
Tue Nov 25 13:51:10 UTC 2014


Hi,

Current malware is dependent on a lot of factors if it wants to be
a bit stealthy: OS version, CPU type, network card model, some
specific software version installed or not, time, network
environment... Finding a common behaviour and detecting families
efficiently would be akin to constructing a symbolic equation of the
malware family and testing the binary against this model.

Current automated malware testbeds do not go that far; they have one
function: determining if a binary is dangerous or not. They do not
analyze the binary, but its effect on the environment: network calls,
DNS requests, files and registry keys created.

Cheers,

Geoffroy

On Tue, Nov 25, 2014 at 2:34 PM, Sashank Dara <krishna.sashank at gmail.com> wrote:
> Hi,
>
> I am curious if we can study sophisticated metamorphic and polymorphic
> malware of the current day in terms of langsec?
>
> Classic file hashes like MD5, SHA, etc. are no longer helping in identifying
> malware programs that are mutating. So current research is around using
> control flow graphs or structural properties or feature vectors in order to
> identify malware files belonging to a similar family.
>
> How can we identify two (or more) programs that produce the same malicious
> effect, say using the theory of computer science and langsec principles?
>
> Regards,
> Sashank
> http://lnkd.in/88sgfr



-- 
http://geoffroycouprie.com/em
http://pilotssh.com
https://leanpub.com/ScalaOnAndroid/
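The thread contrasts file hashes, which a mutating sample defeats trivially, with the environment effects a sandbox records (network calls, DNS requests, files and registry keys created). The script below is an added example, not code from the thread or from any sandbox project: it turns such a report into a behaviour feature set, normalises the parts that vary between variants (user profile directory, randomised drop-file names) and scores a new sample against a known family profile with Jaccard similarity. The report layout, the three sample reports, the domains, IPs, paths and the 0.5 threshold are all constructed for the example.

```python
"""Behaviour-based family matching over sandbox reports.

Added example (not from the langsec-discuss thread). The report format is a
constructed, simplified stand-in for a real sandbox's JSON: a dict holding
the observable effects the mail mentions (network connections, DNS lookups,
files and registry keys created).
"""
import hashlib
import re

# Constructed reports. Two "variants" of one family differ in their file
# hash, the infected user and the random drop-file names, but share most
# of their environment effects. The third report is a constructed benign one.
FAMILY_A_V1 = {
    "sha256": hashlib.sha256(b"variant-1-bytes").hexdigest(),
    "dns": ["update.example-c2.test", "time.windows.com"],
    "network": [("198.51.100.7", 443), ("203.0.113.9", 8080)],
    "files": [r"C:\Users\alice\AppData\Roaming\svchost_1a2b.exe",
              r"C:\Users\alice\AppData\Local\Temp\tmp9f3.dat"],
    "registry": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"],
}
FAMILY_A_V2 = {
    "sha256": hashlib.sha256(b"variant-2-bytes").hexdigest(),
    "dns": ["update.example-c2.test"],
    "network": [("198.51.100.7", 443)],
    "files": [r"C:\Users\bob\AppData\Roaming\svchost_77zz.exe",
              r"C:\Users\bob\AppData\Local\Temp\tmp0a1.dat"],
    "registry": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"],
}
BENIGN = {
    "sha256": hashlib.sha256(b"benign-bytes").hexdigest(),
    "dns": ["time.windows.com"],
    "network": [],
    "files": [r"C:\Users\carol\Documents\report.docx"],
    "registry": [],
}

# Per-machine user directory: collapse to a placeholder.
USER_DIR = re.compile(r"^(c:\\users\\)[^\\]+")
# Alphanumeric run containing a digit right before the extension: treat as a
# randomised file name token and collapse to "*".
RANDOM_TOKEN = re.compile(r"[0-9a-z]*\d[0-9a-z]*(?=\.[a-z]+$)")


def normalise_path(path):
    """Lower-case a Windows path and strip variant-specific parts."""
    path = USER_DIR.sub(r"\1<user>", path.lower())
    return RANDOM_TOKEN.sub("*", path)


def behaviour_features(report):
    """Feature set built only from environment effects; the hash is ignored."""
    feats = set()
    for domain in report["dns"]:
        feats.add("dns:" + domain.lower())
    for ip, port in report["network"]:
        feats.add(f"net:{ip}:{port}")
    for path in report["files"]:
        feats.add("file:" + normalise_path(path))
    for key in report["registry"]:
        feats.add("reg:" + key.lower())
    return frozenset(feats)


def jaccard(a, b):
    """Set overlap in [0, 1]; two empty sets count as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def nearest_family(report, families, threshold=0.5):
    """Return (family_name, score) for the best-matching profile, or
    (None, best_score) when no profile reaches the threshold."""
    feats = behaviour_features(report)
    best_name, best_score = None, 0.0
    for name, profile in families.items():
        score = jaccard(feats, profile)
        if score > best_score:
            best_name, best_score = name, score
    if best_score < threshold:
        return None, best_score
    return best_name, best_score


# Family profile learned from the one known variant.
FAMILIES = {"family_a": behaviour_features(FAMILY_A_V1)}

if __name__ == "__main__":
    for label, rep in (("variant 2", FAMILY_A_V2), ("benign", BENIGN)):
        print(label, rep["sha256"][:12], nearest_family(rep, FAMILIES))
```

The two variants have different hashes and drop files under different user profiles, yet after normalisation five of the seven behaviour features of variant 1 recur in variant 2, which is enough to match the family profile; the benign report shares only the time-sync DNS lookup and falls well below the threshold. The normalisation rules are the fragile part of any such scheme and would need to grow with each family's own variability.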

