8 research outputs found

    Proactive Detection of Computer Worms Using Model Checking

    Although recent estimates are speaking of 200,000 different viruses, worms, and Trojan horses, the majority of them are variants of previously existing malware. As these variants mostly differ in their binary representation rather than their functionality, they can be recognized by analyzing the program behavior, even though they are not covered by the signature databases of current antivirus tools. Proactive malware detectors mitigate this risk by detection procedures that use a single signature to detect whole classes of functionally related malware without signature updates. It is evident that the quality of proactive detection procedures depends on their ability to analyze the semantics of the binary. In this paper, we propose the use of model checking, a well-established software verification technique, for proactive malware detection. We describe a tool that extracts an annotated control flow graph from the binary and automatically verifies it against a formal malware specification. To this end, we introduce the new specification language CTPL, which balances the high expressive power needed for malware signatures with efficient model checking algorithms. Our experiments demonstrate that our technique indeed is able to recognize variants of existing malware with a low risk of false positives. © 2006 IEEE

    Autonomic context-dependent architecture for malware detection


    Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis?

    Software obfuscation has always been a controversially discussed research area. While theoretical results indicate that provably secure obfuscation in general is impossible, its widespread application in malware and commercial software shows that it is nevertheless popular in practice. Still, it remains largely unexplored to what extent today’s software obfuscations keep up with state-of-the-art code analysis and where we stand in the arms race between software developers and code analysts. The main goal of this survey is to analyze the effectiveness of different classes of software obfuscation against the continuously improving deobfuscation techniques and off-the-shelf code analysis tools. The answer very much depends on the goals of the analyst and the available resources. On the one hand, many forms of lightweight static analysis have difficulties with even basic obfuscation schemes, which explains the unbroken popularity of obfuscation among malware writers. On the other hand, more expensive analysis techniques, in particular when used interactively by a human analyst, can easily defeat many obfuscations. As a result, software obfuscation for the purpose of intellectual property protection remains highly challenging.

    Improving Modern Helpdesk Business Systems by Applying Advanced Intelligent Software Tools

    In today's business environment, the application of modern ICT technologies is crucial for each participant in the global market. Together with the products and services, the software solutions used for supporting businesses are becoming more and more complex. Therefore, modern tools and techniques for software development require constant expansion with the aim of designing and developing software solutions that will fully satisfy current customer requirements and give companies a strategic advantage in the market. The dissertation identifies the insurance industry as the key market place where these systems can be fully applied. HelpDesk system, integrated into information systems of the insurance companies, contributes to a large extent to quality of products and services and increases the level of general satisfaction of employees and service users. For this purpose, tools and techniques for developing intelligent HelpDesk system have been identified through expansion of modern object-oriented technologies by tools that allow the dynamic manipulation of the new knowledge by information system. Two well-known aspect-oriented approaches have been tested and their dominant characteristics have been combined, thus creating an original unified approach that helped to achieve the intended goals of the dissertation. In the dissertation, the implementation of the HelpDesk system in synergy with intelligent programs has been especially considered. The work of such a system is fully automated and expertise is greatly shifted from a man to a computer. By choosing the optimal algorithm for searching a database of questions, HelpDesk system is equipped with a powerful tool – neural network, which fully enables the aforesaid software functionalities

    Proactive Detection of Computer Worms Using Model Checking
