Detecting malicious software behavior using signature-based static analysis

摘要

According to an aspect of an embodiment, a method may include determining a set of entity instances in a software program. Each entity instance may correspond to a program entity through which the software program performs an interaction with an external entity that is external to the software program. The method may also include determining an identity of each external entity. Additionally, the method may include determining a set of data-flow predicates and a set of control-flow predicates that are satisfied by the software program. Further, the method may include comparing the set of data-flow predicates and the set of control-flow predicates with a signature library that includes one or more malicious software signatures. The method may further include determining that the software program is malicious in response to the set of data-flow predicates and the set of control-flow predicates matching one or more malicious software signatures.