Pattern-driven malware detection in native executables based on control-flow graphs

Mircea Prejban

Abstract: Malware becomes more sophisticated by having additional functionalities for persistence, evasion, stealth and anti-reverse engineering properties. For malware the best method of understanding the threat is by malware analysis in which the analyst extracts code and data or runs the malware in a safe environment to understand how the malware program functions. Software solutions require additional ways to detect and stop malware as now we cannot rely exclusively on hash signature based detection and by automating static analysis we can construct additional ways of spotting malicious programs. In this seminar we present the usage of Control-Flow-Graph in malware detection and some insights for our custom approach of a malware detection method based on pattern matching and control-flow graphs.