JOURNAL ARTICLE
Detection of injected, dynamically generated, and obfuscated malicious code
Abstract
This paper presents DOME, a host-based technique for detecting several general classes of malicious code in software executables. DOME uses static analysis to identify the locations (virtual addresses) of system calls within the software executables, and then monitors the executables at runtime to verify that every observed system call is made from a location identified using static analysis. The power of this technique is that it is simple, practical, applicable to real-world software, and highly effective against injected, dynamically generated, and obfuscated malicious code.
Keywords:
Executable Computer science Software Static analysis Code (set theory) Malware Static program analysis Operating system Host (biology) Source code Embedded system Programming language Software development
Metrics
87
Cited By
4.33
FWCI (Field Weighted Citation Impact)
13
Refs
0.95
Citation Normalized Percentile
Is in top 1%
Is in top 10%
Citation History
Topics
Advanced Malware Detection Techniques
Physical Sciences → Computer Science → Signal Processing
Network Security and Intrusion Detection
Physical Sciences → Computer Science → Computer Networks and Communications
Security and Verification in Computing
Physical Sciences → Computer Science → Artificial Intelligence
Related Documents
JOURNAL ARTICLE
Detection of Obfuscated Malicious JavaScript Code
Ammar AlazabAnsam KhraisatMoutaz AlazabSarabjot Singh
Journal: Future Internet Year: 2022 Vol: 14 (8)Pages: 217-217
JOURNAL ARTICLE
Obfuscated Malicious Code Detection with Path Condition Analysis
Journal: Journal of Networks Year: 2014 Vol: 9 (5)
JOURNAL ARTICLE
Hierarchical feature selection method for detection of obfuscated malicious code
Jianfei ZhangLifei ChenGong-de GUO
Journal: Journal of Computer Applications Year: 2013 Vol: 32 (10)Pages: 2761-2767