Semantic malware detection.

Technical report


Alzarouni, K., Clark, D. and Tratt, L. 2010. Semantic malware detection. King's College London, Department of Computer Science. https://doi.org/TR-10-03
Type: Technical report
Title: Semantic malware detection.
Authors: Alzarouni, K., Clark, D. and Tratt, L.
Abstract

Polymorphic and metamorphic malware use code obfuscation techniques to construct new variants which preserve the semantics of the original but change the code syntax, evading current compiled code based detection methods. Dynamic slicing is a technique that, given a variable of interest within a program, isolates a relevant subset of executed program code that influences that variable. Using dynamic slicing to condition semantic traces identifies ‘core’ behaviours that, as part of an overall semantics based approach, has the potential to play a significant rôle in detecting difficult malware variants. We preface this by a discussion of the motivation and the contextual role for this form of slicing in semantics based matching. A brief outline of the semantic trace mapping algorithm is presented with an example. We complete the report with presentation of our test data generation technique using backward domain reduction with some examples as a stand-alone step in the process of generating data inputs for producing unique semantic program traces.

Publisher: King's College London, Department of Computer Science.
Publication process dates
Deposited: 28 May 2010
Output status: Published
Digital Object Identifier (DOI): https://doi.org/TR-10-03
Language: English
Institution name: King's College London
Department name: Department of Computer Science
Permalink: https://repository.mdx.ac.uk/item/82wqv
