The Semantic Detection of Viruses
Lead Participant:
DRISQ LTD
Abstract
All pieces of self-replicating malware have a signature. However, malware can change form, so the signature of the malware is different even though it has the same destructive behaviour. This means that current techniques will always play catch-up with new forms of the same piece of self-replicating malware. By using formal methods to detect the semantics of self-replication, we have the opportunity to detect any self-replicating malware (even if it is unknown or metamorphic) and thus have an opportunity to remove it before any damage can be done. The approach is novel because current techniques detect the signature of malware and then remove it. We have undertaken foundation research to show that we can detect self-replicating behaviour in a sample of obfuscated binary for an ARM processor. Our objective in this project is to expand the applicability and examine scalability.
Lead Participant | Project Cost | Grant Offer |
---|---|---|
DRISQ LTD | £88,380 | £53,028 |

Participant |
---|
INNOVATE UK |

People | ORCID iD |
---|---|
Nick Tudor (Project Manager) | |