MAIL: Malware Analysis Intermediate Language
Shahid Alam

TL;DR
MAIL is a new intermediate language designed to standardize malware analysis by providing platform-independent, annotated representations of assembly code to facilitate automation and improve detection tools.
Contribution
The paper introduces MAIL, a novel intermediate language that enables platform-independent malware analysis and detection through annotated assembly representations.
Findings
MAIL enables platform-independent malware analysis.
Annotations improve detection accuracy.
Facilitates automation in malware detection.
Abstract
This paper introduces and presents a new language named MAIL (Malware Analysis Intermediate Language). MAIL is basically used for building malware analysis and detection tools. MAIL provides an abstract representation of an assembly program and hence the ability of a tool to automate malware analysis and detection. By translating binaries compiled for different platforms to MAIL, a tool can achieve platform independence. Each MAIL statement is annotated with patterns that can be used by a tool to optimize malware analysis and detection.
Taxonomy
Topics: Advanced Malware Detection Techniques · Digital and Cyber Forensics · Network Security and Intrusion Detection
