LTL Model Checking of Self Modifying Code

09/27/2019
by Tayssir Touili, et al.

Self-modifying code is code that can modify its own instructions during the execution of the program. It is extensively used by malware writers to obfuscate their malicious code, so analysing self-modifying code is nowadays a big challenge. In this paper, we consider the LTL model-checking problem of self-modifying code. We model such programs using self-modifying pushdown systems (SM-PDS), an extension of pushdown systems that can modify their own set of transitions during execution. We reduce the LTL model-checking problem to the emptiness problem of self-modifying Büchi pushdown systems (SM-BPDS). We implemented our techniques in a tool that we successfully applied to the detection of several self-modifying malware samples. Our tool was also able to detect several malware samples that well-known antivirus products such as BitDefender, Kingsoft, Avira, eScan, Kaspersky, Qihoo-360, Baidu, Avast, and Symantec failed to detect.
