This document provides a specification language to describe the behavior of code. Consistently with the requirements for an extensible, layered architecture for the behavioral analysis of malware, four different languages are defined, ranging from a complete, low-level description of the code's behavior to a high-level analysis report that is suitable for a human analyst. Furthermore, current approaches to behavioral malware analysis and detection within the wombat project are discussed, most of which already take advantage (or can be extended to take advantage) of the provided specification language.
FP7-ICT-216026-Wombat_WP4_D08_V01_Specification_language_for_code_behaviour.pdf
FP7-ICT-216026-Wombat_WP4_D08_V01_Specification_language_for_code_behaviour.pdf