article

Refereed paper: MCF: a malicious code filter

Authors:

Karl N. Levitt,

Ronald A. OlssonAuthors Info & Claims

Computers and Security, Volume 14, Issue 6

Pages 541 - 566

https://doi.org/10.1016/0167-4048(95)00012-W

Published: 01 January 1995 Publication History

Abstract

The goal of this research is to develop a method to detect malicious code (e.g. computer viruses, worms, Trojan horses, and time/logic bombs) and security-related vulnerabilities in system programs. The Malicious Code Filter (MCF) is a programmable static analysis tool developed for this purpose. It allows the examination of a program before installation, thereby avoiding damage a malicious program might inflict. This paper summarizes our work over the last few years that led us to develop MCF.

References

[1]

Cohen, F., Computer viruses: theory and experiments. Computers & Security. v6. 22-35.

[2]

Schoch, J.F. and Hupp, J.A., The worm programs¿Early experience with a distributed computation. Commun. ACM. v25 i3. 172-180.

[3]

Computer Viruses: A High-tech Disease. 1988.

[4]

Lo, R.W., Static analysis of programs with application to malicious code detection. In: PhD dissertation, Dept. of Computer Science, University of California, Davis.

[5]

Cohen, F., A cryptographic checksum for integrity protection. Computers & Security. 505-510.

[6]

Crocker, S. and Pozzo, M.M., A proposal for a verification-based virus filter. In: Proc. IEEE Computer Soc. Symposium on Security and Privacy, pp. 319-324.

[7]

Crawford, R., Lo, R., Crossley, J., Fink, G., Kerchen, P., Ho, W., Levitt, K., Olsson, R. and Archer, M., A testbed for malicious code detection: A synthesis of static and dynamic analysis techniques. In: Proc. Dept. of Energy Computer Security Group Conf., 17. pp. 1-23.

[8]

Olsson, R.A., Crawford, R.H. and Wilson Ho, W., Dalek: a GNU, improved programmable debugger. In: USENIX Conf. Proc., pp. 221-231.

[9]

Hamlet, R., Testing programs to detect malicious faults. In: Proc. IFIP Working Conf. Dependable Computing, pp. 162-169.

[10]

Weiser, M., Program slicing. In: Proc. Fifth Int. Conf. Software Engineering, pp. 439-449.

[11]

Zislis, P.M., Semantic decomposition of computer programs: an aid to program testing. Acta Informatica. 245-269.

[12]

Soloman, A., Mechanisms of stealth. In: Int. Computer Virus and Security Conf., pp. 374-383.

[13]

Boyer, R.S., Elspas, B. and Levitt, K.N., SELECT¿A formal system for testing and debugging programs by symbolic execution. In: Proc. Int. Conf. Reliable Software, pp. 234-245.

[14]

Olsson, R.A., Crawford, R.H. and Wilson Ho, W., A data-flow approach to event-based debugging. Software¿Practice and Experience. v21 i2. 209-229.

[15]

Spafford, E.H., Common system vulnerabilities. In: Proc. Workshop on Future Directions in Computer Misuse and Anomaly Defection, University of California, Davis. pp. 31

[16]

Farmer, D., COPS and robbers: UN¿X system security. COPS. report in comp.sources.unix/volume21/cops.

[17]

Baldwin, R.W., Kuang: rule-based security checking. Kuang.man in comp.sources.unix/volume21/cops.

Cited By

Guo ZZhang WYang WChe XZhang ZLi M(2021)A Survey on Feature Extraction Methods of Heuristic Backdoor DetectionInternational Conference on Frontiers of Electronics, Information and Computation Technologies10.1145/3474198.3478137(1-7)Online publication date: 21-May-2021
https://dl.acm.org/doi/10.1145/3474198.3478137
Tang ZWang QLi WBao HLiu FWang W(2021)Mining Trojan Detection Based on Multi-dimensional Static FeaturesScience of Cyber Security10.1007/978-3-030-89137-4_4(51-65)Online publication date: 13-Aug-2021
https://dl.acm.org/doi/10.1007/978-3-030-89137-4_4
Stiborek JPevn TRehk M(2018)Multiple instance learning for malware classificationExpert Systems with Applications: An International Journal10.1016/j.eswa.2017.10.03693:C(346-357)Online publication date: 1-Mar-2018
https://dl.acm.org/doi/10.1016/j.eswa.2017.10.036
Show More Cited By

Refereed paper: MCF: a malicious code filter
1. Security and privacy
  1. Systems security
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis

Recommendations

Refereed paper: Cooperating security managers: Distributed intrusion detection systems

Intrusion detection systems have been developed to address the break-in threat posed by ''hackers'' and the misuse threat posed by authorized users. Originally designed to address these threats as they apply to an individual host, the concept was ...
Refereed paper: Macro virus identification problems

Computer viruses written in the macro programming language of the popular office applications like Microsoft Word have become extremely widespread. Unlike the MS-DOS viruses which are single entities, the macro viruses often consist of entire sets of ...
Refereed paper: The problems of wordmacro virus upconversion

The built-in capability of Microsoft Word 97 to convert WordMacro viruses to VBA5 presents a serious ethical dilemma to the and-virus researchers. On the one hand, they have to provide protection to their users against these converted viruses. On the ...

Comments

Information & Contributors

Information

Published In

Copyright © © 1995.

Publisher

Elsevier Advanced Technology Publications

United Kingdom

Publication History

Published: 01 January 1995

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

23
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Guo ZZhang WYang WChe XZhang ZLi M(2021)A Survey on Feature Extraction Methods of Heuristic Backdoor DetectionInternational Conference on Frontiers of Electronics, Information and Computation Technologies10.1145/3474198.3478137(1-7)Online publication date: 21-May-2021
https://dl.acm.org/doi/10.1145/3474198.3478137
Tang ZWang QLi WBao HLiu FWang W(2021)Mining Trojan Detection Based on Multi-dimensional Static FeaturesScience of Cyber Security10.1007/978-3-030-89137-4_4(51-65)Online publication date: 13-Aug-2021
https://dl.acm.org/doi/10.1007/978-3-030-89137-4_4
Stiborek JPevn TRehk M(2018)Multiple instance learning for malware classificationExpert Systems with Applications: An International Journal10.1016/j.eswa.2017.10.03693:C(346-357)Online publication date: 1-Mar-2018
https://dl.acm.org/doi/10.1016/j.eswa.2017.10.036
Stiborek JPevn TRehk M(2018)Probabilistic analysis of dynamic malware tracesComputers and Security10.1016/j.cose.2018.01.01274:C(221-239)Online publication date: 1-May-2018
https://dl.acm.org/doi/10.1016/j.cose.2018.01.012
Chouchane RStakhanova NWalenstein ALakhotia A(2013)Detecting machine-morphed malware variants via engine attributionJournal in Computer Virology10.1007/s11416-013-0183-69:3(137-157)Online publication date: 1-Aug-2013
https://dl.acm.org/doi/10.1007/s11416-013-0183-6
Rieck KTrinius PWillems CHolz_aff2n3 T(2011)Automatic analysis of malware behavior using machine learningJournal of Computer Security10.5555/2011216.201121719:4(639-668)Online publication date: 1-Dec-2011
https://dl.acm.org/doi/10.5555/2011216.2011217
Khan HMirza FKhayam S(2011)Determining malicious executable distinguishing attributes and low-complexity detectionJournal in Computer Virology10.1007/s11416-010-0140-67:2(95-105)Online publication date: 1-May-2011
https://dl.acm.org/doi/10.1007/s11416-010-0140-6
El-Bakry HMastorakis N(2009)Fast virus detection by using high speed time delay neural networksProceedings of the 10th WSEAS international conference on Neural networks10.5555/1561799.1561829(169-183)Online publication date: 23-Mar-2009
https://dl.acm.org/doi/10.5555/1561799.1561829
Tabish SShafiq MFarooq M(2009)Malware detection using statistical analysis of byte-level file contentProceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics10.1145/1599272.1599278(23-31)Online publication date: 28-Jun-2009
https://dl.acm.org/doi/10.1145/1599272.1599278
Siddiqui MWang MLee J(2008)Data mining methods for malware detection using instruction sequencesProceedings of the 26th IASTED International Conference on Artificial Intelligence and Applications10.5555/1712759.1712825(358-363)Online publication date: 6-Feb-2008
https://dl.acm.org/doi/10.5555/1712759.1712825
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents