Skip to main content

Partial Evaluation for Java Malware Detection

Singh, Ranjeet and King, Andy (2015) Partial Evaluation for Java Malware Detection. In: Proietti, Maurizio and Seki, Hirohisa, eds. Twenty fourth International Symposium on Logic-Based Program Synthesis and Transformation. Lecture Notes in Computer Science, 8991 . Springer, pp. 133-147. ISBN 978-3-319-17821-9. E-ISBN 978-3-319-17822-6. (doi:10.1007/978-3-319-17822-6_8) (KAR id:42104)

PDF (Partial Evaluation for Java Malware Detection) Pre-print
Language: English
Download this file
(PDF/377kB)
[thumbnail of Partial Evaluation for Java Malware Detection]
Preview
Request a format suitable for use with assistive technology e.g. a screenreader
Official URL:
http://dx.doi.org/10.1007/978-3-319-17822-6_8

Abstract

The fact that Java is platform independent gives hackers the opportunity to write exploits that can target users on any platform, which has a JVM implementation. Metasploit is a well-known source of Java exploits and to circumvent detection by Anti Virus (AV) software, obfuscation techniques are routinely applied to make an exploit more difficult to recognise. Popular obfuscation techniques for Java include string obfuscation and applying reflection to hide method calls; two techniques that can either be used together or independently. This paper shows how to apply partial evaluation to remove these obfuscations and thereby improve AV matching. The paper presents a partial evaluator for Jimple, which is a typed three-address code suitable for optimisation and program analysis, and also demonstrates how the residual Jimple code, when transformed back into Java, improves the detection rates of a number of commercial AV products.

Item Type: Book section
DOI/Identification number: 10.1007/978-3-319-17822-6_8
Subjects: A General Works
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Andy King
Date Deposited: 07 Aug 2014 14:16 UTC
Last Modified: 08 Dec 2022 16:34 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/42104 (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.