Exploring multiple execution paths for malware analysis

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2007, Pages 231-245

  Moser, Andreas ^a   Kruegel, Christopher ^a   Kirda, Engin ^a  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER OPERATING SYSTEMS; COMPUTER WORMS; DATA REDUCTION; DYNAMIC ANALYSIS; SUPERVISORY AND EXECUTIVE PROGRAMS;

DYNAMIC ANALYSIS TOOLS; MALWARE ANALYSIS; MULTIPLE EXECUTION; REMOVAL TOOLS;

CODES (SYMBOLS);

EID: 34548737161     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2007.17     Document Type: Conference Paper

References (30)

1. P. Baecher, M. Koetter, T. Holz, M. Dornseif, and F. Freiling. The Nepenthes Platform: An Efficient Approach To Collect Malware. In Recent Advances in Intrusion Detection (RAID), 2006.
2. U. Bayer, C. Kruegel, and E. Kirda. TTAnalyze: A Tool for Analyzing Malware. In 15th Annual Conference of the European Institute for Computer Antivirus Research (EICAR), 2006.
3. F. Bellard. Qemu, a Fast and Portable Dynamic Translator. In Usenix Annual Technical Conference, 2005.
4. K. Borders, X. Zhao, and A. Prakash. Siren: Catching Evasive Malware (Short Paper). In IEEE Symposium on Security and Privacy, 2006.
5. D. Brumley, C. Hartwig, Z. Liang, J. Newsome, D. Song, and H. Yin. Towards Automatically Identifying Trigger-based Behavior in Malware using Symbolic Execution and Binary Analysis. Technical Report CMU-CS-07-105, Carnegie Mellon University, 2007.
6. D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha. Towards automatic generation of vulnerability-based signatures. In IEEE Symposium on Security and Privacy, 2006.
7. C. Cadar, V Ganesh, P. Pawlowski, D. Dill, and D. Engler. EXE: Automatically Generating Inputs of Death. In Conference on Computer and Communication Security, 2006.
8. M. Christodorescu and S. Jha. Static Analysis of Executables to Detect Malicious Patterns. In Usenix Security Symposium, 2003.
9. M. Christodorescu, S. Jha, S. Seshia, D. Song, and R. Bryant. Semantics-aware Malware Detection. In IEEE Symposium on Security and Privacy, 2005.
10. J. Corbett, M. Dwyer, J. Hatcliff, S. Laubach, C. Pasareanu, Robby, and H. Zheng. Bandera: Extracting Finite-State Models from Java Source Code. In International Conference on Software Engineering (ICSE), 2000.
11. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-End Containment of Internet Worms. In 20th ACM Symposium on Operating Systems Principles (SOSP), 2005.
12. J. Crandall and F. Chong. Minos: Architectural support for software security through control data integrity. In International Symposium on Microarchitecture, 2004.
13. J. Crandall, G. Wassermann, D. Oliveira, Z. Su, F. Wu, and F. Chong. Temporal Search: Detecting Hidden Malware Timebombs with Virtual Machines. In Conference on Architectural Support for Programming Languages and OS, 2006.
14. P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In Programming Language Design and Implementation (PLDI), 2005.
15. A. Gotlieb, B. Botella, and M. Rueher. Automatic test data generation using constraint solving techniques. In ACM Symposium on Software Testing and Analysis, 1998.
16. N. Gupta, A. Mathur, and M. Soffa. Automated test data generation using an iterative relaxation method. In Symposium on Foundations of Software Engineering (FSE), 1998.
17. T. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Software Verification with Blast. In 10th SPIN Workshop, 2003.
18. G. Holzmann. The model checker spin. Software Engineering, 23(5), 1997.
19. J. King. Symbolic Execution and Program Testing. Communications of the ACM, 1976.
20. E. Kirda, C. Kruegel, G. Banks, G. Vigna, and R. Kemmerer. Behavior-based Spyware Detection. In Usenix Security Symposium, 2006.
21. C. Kruegel, W. Robertson, and G. Vigna. Detecting Kernel-Level Rootkits Through Binary Analysis. In Annual Computer Security Application Conference (ACSAC), 2004.
22. C. Linn and S. Debray. Obfuscation of Executable Code to Improve Resistance to Static Disassembly. In ACM Conference on Computer and Communications Security, 2003.
23. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In 12th Annual Network and Distributed System Security Symposium (NDSS), 2005.
24. E. Nightingale, P. Chen, and J. Flinn. Speculative Execution in a Distributed File System. In 20th Symposium on Operating Systems Principles (SOSP), 2005.
25. Norman. Normal Sandbox. http://sandbox.norman.no/, 2006.
26. Symantec. Internet Security Threat Report: Volume X. http://www.symantec. com/enterprise/threatreport/index.jsp, 2006.
27. P. Szor. The Art of Computer Virus Research and Defense. Addison Wesley, 2005.
28. A. Vasudevan and R. Yerraballi. Cobra: Fine-grained Malware Analysis using Stealth Localized-Executions. In IEEE Symposium on Security and Privacy, 2006.
29. C. Willems. CWSandbox: Automatic Behaviour Analysis of Malware. http://www.cwsandbox.org/, 2006.
30. G. Wroblewski. General Method of Program Code Obfuscation. PhD thesis, Wroclaw University of Technology, 2002.