Dynamic binary instrumentation-based framework for malware defense

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5137 LNCS, Issue , 2008, Pages 64-87

  Aaraj, Najwa ^a   Raghunathan, Anand ^b   Jha, Niraj K ^a  

^a Princeton University   (United States)

^b NEC LABORATORIES AMERICA   (United States)

Author keywords

Control data flow; Dynamic binary instrumentation; Execution context; Malware; Virtualization

Indexed keywords

BEHAVIORAL MODELING; BEHAVIORAL PATTERNS; CONTINUOUS LEARNING; CONTROL-DATA FLOW; CURRENT TECHNIQUES; DYNAMIC BINARY INSTRUMENTATION; EXECUTION CONTEXT; EXECUTION ENVIRONMENTS; EXECUTION TIMES; INFORMATION SECURITY; INTERNATIONAL CONFERENCES; MALICIOUS SOFTWARE; MALWARE; MALWARE ATTACKS; MALWARE DETECTION; OPERATING SYSTEMS; REAL ENVIRONMENTS; RUN-TIME MONITORING; SECURITY POLICIES; TESTING ENVIRONMENT; VIRTUALIZATION; VULNERABILITY ASSESSMENTS; WINDOWS XP;

BINARY SEQUENCES; COMPUTER OPERATING SYSTEMS; COMPUTER SOFTWARE; INFORMATION SERVICES; INSTRUMENTS; PROCESS ENGINEERING; SECURITY OF DATA; SECURITY SYSTEMS; SOFTWARE TESTING; VIRUSES;

COMPUTER CRIME;

EID: 49949108190     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-70542-0_4     Document Type: Conference Paper

References (38)

1. Computer Security Institute, CSI Survey 2007 (2007), http://www.gocsi.com
2. Virus Bulletin (2007), http://www.virusbtn.com/news/2007
3. Symantec Security Response (2007), http://www.symantec.com
4. The difference between a virus, worm and trojan horse (2004), http://www.webopedia. com/DidYouKnow/Intemet/2004/virus.asp
5. Szor, P.: The Art of Computer Virus Research and Defense. Addison-Wesley Professional, Reading (2005)
6. Norman SandBox Pro-active virus protection (2004), http://lan-aces.com/ Norman_Sandbox.pdf
7. Gordon, S., Howard, F.: Antivirus software testing for the new millenium. In: Proc. National Information Systems Security Conf., pp. 125-139 (October 2000)
8. Westcoast labs: Checkmark certification (2007), http://www.westcoastlabs. com/checkmark
9. Zhou, Q.: A service-oriented solution framework for distributed virus detection and vulnerability remediation (VDVR) system. In: Proc. Int. Gryptology Conf. Services Computing, pp. 569-573 (July 2007)
10. Shin-Jia, H., Kuang-Hsi, C.: A proxy automatic signature scheme using a compiler in distributed systems for unknown virus detection. In: Proc. Int. Conf. Advanced Information Networking and Applications, pp. 649-654 (March 2005)
11. Yoo, I., Ultes-Nitsche, U.: Adaptive detection, of worms/viruses in firewalls. In: Proc. Int. Conf. Security Technology (October 2004)
12. Henchiri, O., Japkowicz, N.: A feature selection and evaluation scheme for computer virus detection. In: Proc. Int. Conf. Data Mining, pp. 891-895 (December 2006)
13. Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing system-wide information flow for maiware detection and analysis. In: Proc. ACM Conf. Computer and Communication Security, pp. 116-127 (October 2007)
14. Rozinov, K.: Reverse code engineering: An in-depth analysis of the Bagle virus. In: Proc. Wkshp. Information Assurance and Security, pp. 380 387 (June 2005)
15. Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware maiware detection. In: Proc. IEEE Symp. Security and Privacy, pp. 32-46 (May 2005)
16. Preda, M.D., Christodorescu, M., Jha, S., Debray, S.: A semantics-based approach to malware detection. In: Proc. Conf. Principles of Programming Languages, pp. 377-388 (January 2007)
17. Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: Proc. IEEE Symp. Security and Privacy, pp. 231-245 (May 2007)
18. Goldberg, I., Wagner, D., Thomas, R., Brewer, E.A.: A. secure environment for untrusted helper applications confining the wily hacker. In: Proc. Conf. USENIX Security Symp., pp. 1-13 (July 1996)
19. Peterson, D.S., Bishop, M., Pandey, R.: A flexible containment mechanism for executing untrusted code. In: Proc. Conf. USENIX Security Symp., pp. 207-225 (August 2002)
20. Lam, L.-C., Yu, Y., Chiueh, T.-C.: Secure mobile code execution service. In: Proc. Conf. Large Installation System Administration, pp. 53-62 (December 2006)
21. VMWare Inc., Palo Alto, VMWare browser appliance (2006), http://www.vmware.com/appliances/directory/browserapp.html
22. Provos, N., Holz, T.: Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Addison-Wesley, Reading (2007)
23. Intel vPro Processor Technology (2007), http://www.intel.com/business/ vpro
24. Aaraj, N., Raghunathan, A., Jha, N.K.: Virtualization-assisted framework for prevention of software vulnerability based security attacks. Tech. Rep. CE-J07-001, Dept. of Electrical Engineering, Princeton University (December 2007)
25. Luk, C.-K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V.J., Hazelwood, K.: Pin: Building customized program analysis tools with dynamic instrumentation. In: Proc. Programming Language Design and Implementation Forum, pp. 190-200 (June 2005)
26. Hangai, S., Lam, M.S.: Tracking down software bugs using automatic anomaly detection. In: Proc. Int. Conf. Software Engineering, pp. 291-301 (May 2002)
27. Ernst, M.D., Cockrell, J., Griswold, W.G., Notkin, D.: Dynamically discovering likely program invariants to support program evolution. In: Proc. Int. Conf. Software Engineering, pp. 213-224 (May 1999)
28. Symantec corporation, Cupertino, The digital immune system (2007), http://www.symantec.com/avcenter/reference/dis.tech.brief.pdf
29. STP: A decision procedure for bitvectors and arrays (2007), http://theory.stanford.edu/~vganesh/stp.html
30. Cadar, C., Ganesh, V., Pawlowski, P.M., Dill, D.L., Engler, D.R.: EXE: Automatically generating inputs of death. In: Proc. ACM Conf. Computer and Communications Security, pp. 322-335 (November 2006)
31. Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Song, D., Yin, IL: Automatically identifying trigger-based behavior in maiware (2007), http://bitblaze.cs.berkeley.edu/papers/botnet.book-2007.pdf
32. XenSource: Delivering the Power of Xen (2007), http://www.xensource.com
33. VMWare Inc., Palo Alto, Virtual Appliance Marketplace (2007), http://www.vmware.com/appliances
34. VX Heavens (2007), http://vx.netlux.org
35. Computer Virus Codes (2007), http://virus-codes.blogspot.com
36. ELFCrypt (2005), http://www.infogreg.com/source-code/public-domain/ elfcrypt-v1.0.html
37. UPX: the Ultimate Packer for eXecutables (2007), http://upx.sourceforge. net
38. Obfuscator download (2006), http://www.soft32.com/download.186322.html