
Étude du métamorphisme viral : modélisation, conception et détection

Jean-Marie Borello 1, 2
2 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique, IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract : Protection against malicious code is a major issue. Recent examples of worms such as Conficker and Stuxnet show that any information system may be the target of such attacks. We therefore address the threat posed by malicious code, and especially the case of metamorphism. Metamorphism is the result of code evolution techniques ("obfuscation") that allow a program to avoid detection. To address metamorphism we adopt a dual approach. In the first part, we focus on the development of a metamorphic engine in order to estimate its offensive potential. For this, we propose an obfuscation technique for which the inverse transformation is proved to be NP-complete in the context of static analysis. We then apply this engine to a previously detected malicious worm to evaluate the capacity of existing detection tools. After this first part, we aim to detect, in addition to variants obtained from our metamorphic engine, those from known malware. For this, we propose a dynamic detection approach based on the behavioral similarity between programs. We then use Kolmogorov complexity to define a new similarity measure obtained by lossless compression. This work ends with the description and assessment of a malware detection prototype.
Document type :
Theses
Cited literature [184 references]

https://tel.archives-ouvertes.fr/tel-00660274
Contributor : Anne Cloirec
Submitted on : Monday, January 16, 2012 - 12:07:21 PM
Last modification on : Friday, July 10, 2020 - 4:19:39 PM
Document(s) archived on : Tuesday, April 17, 2012 - 2:26:40 AM

Identifiers

  • HAL Id : tel-00660274, version 1

Citation

Jean-Marie Borello. Étude du métamorphisme viral : modélisation, conception et détection. Cryptographie et sécurité [cs.CR]. Université Rennes 1, 2011. Français. ⟨tel-00660274⟩

Metrics

Record views

785

Files downloads

4858