Behavior Analysis of Malicious Code by Weighted Behavior Abstraction

This work is a weighted generalization of the abstraction-based analysis technique we previously proposed for the detection of high-level malware behaviors. Our approach, using a rewriting-based abstraction mechanism, produces abstracted forms of program traces, independent of the program implementation. The suspicious behaviors to be recognized, defined as combinations of patterns given in a signature, are detected by model-checking on the high-level representation of the program. Introducing weights in this approach allows us to express a pertinence degree of detection when analysis of the program results in an incomplete or uncertain program dataflow, or when abstraction cannot be performed reliably.

Additional Info

Field Value
Source https://inria.hal.science/hal-00803412
Author Beaucamps, Philippe, Gnaedig, Isabelle, Marion, Jean-Yves
Maintainer CCSD
Last Updated May 12, 2026, 05:29 (UTC)
Created May 12, 2026, 05:29 (UTC)
Identifier hal-00803412
Language en
Rights https://about.hal.science/hal-authorisation-v1/
contributor Theoretical adverse computations, and safety (CARTE) ; Centre Inria de l'Université de Lorraine ; Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM) ; Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA) ; Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA) ; Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)
creator Beaucamps, Philippe
date 2013-03-21T00:00:00
harvest_object_id cabf76c8-bdda-4b5e-844a-4a20369742db
harvest_source_id 3374d638-d20b-4672-ba96-a23232d55657
harvest_source_title test moissonnage SELUNE
metadata_modified 2025-11-04T00:00:00
set_spec type:REPORT