University of Wurzburg
Many security attacks accomplish their goals by controlling the inputs to a target program. Based on this insight, the authors have developed a novel and highly effective approach to developing malware signatures. These signatures, also called \"Basic building blocks\" of malware, possess the essential elements common to all malware of a certain class. The key to the success of their approach is that it captures the global semantics of malware. Experimental evaluation shows that their algorithm can detect syntactic malware variants with low errors, and outperforms currently popular malware detection systems, such as McAfee VirusScan Enterprise.