Date Added: Feb 2010
Polymorphic and metamorphic malware use code obfuscation techniques to construct new variants that preserve the semantics of the original but change the code syntax, evading current detection methods based on compiled code. Dynamic slicing is a technique that, given a variable of interest within a program, isolates the relevant subset of executed program code that influences that variable. Using dynamic slicing to condition semantic traces identifies 'Core' behaviours that, as part of an overall semantics-based approach, have the potential to play a significant role in detecting difficult malware variants. The authors preface this with a discussion of the motivation and the contextual role for this form of slicing in semantics-based matching.
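
The sketch below is an added example, not code from the paper: it computes a dynamic backward slice over a constructed execution trace and shows that a junk-padded, register-renamed variant reduces to the same core steps as the original. The trace format `(dest, op, sources)`, the register names, and the renaming-based normalisation are assumptions made for illustration, and only data dependences are tracked.

```python
# Added example: dynamic backward slicing over constructed execution traces.
# A trace step is (dest, op, sources); sources are variable names or int constants.

def dynamic_slice(trace, criterion):
    """Return the executed steps that influence `criterion` (data dependences only)."""
    relevant = {criterion}          # variables whose defining step we still need
    kept = []
    for dest, op, srcs in reversed(trace):
        if dest in relevant:
            relevant.discard(dest)  # this step is the live definition of dest
            relevant.update(s for s in srcs if isinstance(s, str))
            kept.append((dest, op, srcs))
    kept.reverse()
    return kept

def normalise(steps):
    """Rename variables by order of first appearance so register choice is ignored."""
    names = {}
    def canon(v):
        return names.setdefault(v, f"v{len(names)}") if isinstance(v, str) else v
    out = []
    for dest, op, srcs in steps:
        canon_srcs = tuple(canon(s) for s in srcs)
        out.append((canon(dest), op, canon_srcs))
    return out

def same_core(trace_a, trace_b, criterion):
    """True when both traces yield the same normalised slice for `criterion`."""
    return (normalise(dynamic_slice(trace_a, criterion))
            == normalise(dynamic_slice(trace_b, criterion)))

# Constructed sample traces (not taken from any real sample).
ORIGINAL = [
    ("eax", "mov", (5,)),
    ("ebx", "mov", (3,)),
    ("eax", "add", ("eax", "ebx")),
    ("out", "xor", ("eax", 0x41)),
]
VARIANT = [                          # same behaviour, different syntax
    ("ecx", "mov", (5,)),
    ("edi", "mov", (99,)),           # junk
    ("edx", "mov", (3,)),
    ("edi", "add", ("edi", 1)),      # junk
    ("ecx", "add", ("ecx", "edx")),
    ("esi", "mov", ("edi",)),        # junk
    ("out", "xor", ("ecx", 0x41)),
]

if __name__ == "__main__":
    for step in dynamic_slice(VARIANT, "out"):
        print(step)
    print("same core:", same_core(ORIGINAL, VARIANT, "out"))
```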