Extraction of Polymorphic Malware Signatures using Abstract Interpretation Theory

2013 
Abstract interpretation theory was proposed by P. Cousot and R. Cousot in 1977, and it is widely used in static program analysis to construct and approximate a program’s fixpoint semantics. This paper puts forward a detection method for polymorphic malware by applying the theory to the extraction of signatures, describes each step of the abstraction process in detail, and opens up a novel line of thought for malware detection. The method proves to be accurate and efficient in real-world use.