Better Malware Detection via Discriminative Specifications and System-Centric Models

Mihai Christodorescu
IBM T.J. Watson Research Center


Fueled by an emerging underground economy, malware authors are exploiting vulnerabilities at an alarming rate. To make matters worse, obfuscation tools are commonly available, and much of the malware is open source, leading to a huge number of variants. Developing detectors for malware is currently an art form, applied in reactive fashion, always in response to new techniques from malware writers. Moving towards a formally sound detection approach requires understanding how malware and benign programs are different and how they are similar.