 |
 |
|
|
|
|
|
|||
|
|
|||
|
July 2-5, 2008, Pereslavl-Zalessky (120 km to the north-east from Moscow), Russia |
|
|
|
|
|
|
|
|
|
|
|
Supercompilation for Equivalence Testing in Metamorphic Computer Viruses Detection
Alexei P. Lisitsa and Matt Webster
|
Abstract |
Full text
|
In this paper we present a novel approach to detection of metamorphic computer viruses by using supercompilation for proving program equivalence. Supercompilation is a program transformation process that traces possible generalized histories of a program execution in an attempt to reduce redundancy. As we will show, we can use the supercompilation process to produce supercompiled versions of metamorphic code fragments that are identical. This is useful for the detection of metamorphic computer viruses, which can be achieved by proving equivalence of a metamorphic computer virus signature to some suspect code fragment. We report on experiments in which we used supercompiler SCP4 and an interpreter for a small subset of Intel 64 instruction set implemented in Refal.