SCOPUS 정보 검색 플랫폼 - 논문 보기

메뉴 건너뛰기

6th International Workshop on Visualization for Cyber Security 2009, VizSec 2009 - Proceedings

Volumn , Issue , 2009, Pages 27-32

Visualizing compiled executables for malware analysis

(2) Quist, Daniel A a Liebrock, Lorie M b

a LOS ALAMOS NATIONAL LABORATORY (United States)

b NEW MEXICO INSTITUTE OF MINING AND TECHNOLOGY (United States)

Author keywords

Dynamic analysis; Reverse engineering; Visualization

Indexed keywords

EXECUTABLES; HYPERVISOR; KEY FEATURE; MALWARES; PROGRAM EXECUTION; REVERSE ENGINEERS; STEEP LEARNING CURVE; USER STUDY;

COMPUTER CRIME; ETHERS; FEATURE EXTRACTION; PROGRAM TRANSLATORS; REENGINEERING; REVERSE ENGINEERING; VISUALIZATION;

DYNAMIC ANALYSIS;

EID: 77949357077 PISSN: None EISSN: None Source Type: Conference Proceeding
DOI: 10.1109/VIZSEC.2009.5375539 Document Type: Conference Paper

Times cited : (71)

References (23)

1
- 77949380659
- F-Secure Blog
- K. Alkio. Mbr rootkit, a new breed of malware. F-Secure Blog. http://www.f-secure.com/weblog/archives/ 00001393.html.
- Mbr rootkit, a new breed of malware
- Alkio, K.¹

2
- 33748938312
- Masters thesis, Technical University of Vienna
- U. Bayer. Ttanalyze: A tool for analyzing malware. Masters thesis, Technical University of Vienna, 2005.
- (2005) Ttanalyze: A tool for analyzing malware
- Bayer, U.¹

3
- 36448946902
- Visual exploration of function call graphs for feature location in complex software systems
- New York, NY, USA, ACM
- J. Bohnet and J. Döllner. Visual exploration of function call graphs for feature location in complex software systems. In SoftVis '06: Proceedings of the 2006 ACM symposium on Software visualization, pages 95-104, New York, NY, USA, 2006. ACM.
- (2006) SoftVis '06: Proceedings of the 2006 ACM symposium on Software visualization , pp. 95-104
- Bohnet, J.¹ Döllner, J.²

4
- 0034770594
- Computer security analysis through decompilation and high-level debugging
- IEEE Computer Society Washington, DC, USA
- C. Cifuentes, T. Waddington, and M. V. Emmerik. Computer security analysis through decompilation and high-level debugging. In Eighth Working Conference on Reverse Engineering. IEEE Computer Society Washington, DC, USA, 2001.
- (2001) Eighth Working Conference on Reverse Engineering
- Cifuentes, C.¹ Waddington, T.² Emmerik, M.V.³

5
- 70349240080
- Ether: Malware analysis via hardware virtualization extensions
- Nov
- A. Dinaburg, P. Royal, M. Sharif, and W. Lee. Ether: Malware analysis via hardware virtualization extensions. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Nov. 2008.
- (2008) Proceedings of the ACM Conference on Computer and Communications Security (CCS)
- Dinaburg, A.¹ Royal, P.² Sharif, M.³ Lee, W.⁴

6
- 38349023177
- Attacks on virtual machine emulators
- P. Ferrie. Attacks on virtual machine emulators. Symantec Advanced Threat Research, 2006.
- (2006) Symantec Advanced Threat Research
- Ferrie, P.¹

7
- 77949370639
- P. Ferrie. Anti-unpacker tricks - part one. Virus Bulletin, 2008.
- P. Ferrie. Anti-unpacker tricks - part one. Virus Bulletin, 2008.

8
- 77949455259
- A study of the packer and its solutions
- Cambridge, Massachusettes
- F. Guo, P. Ferrie, and T.-c. Chiueh. A study of the packer and its solutions. In RAID, Cambridge, Massachusettes.
- RAID
- Guo, F.¹ Ferrie, P.² Chiueh, T.-C.³

9
- 77949344936
- Advanced software armoring and polymorphic kung-fu
- Aug
- N. Harbour. Advanced software armoring and polymorphic kung-fu. In Defcon 16, Aug. 2008.
- (2008) Defcon , vol.16
- Harbour, N.¹

10
- 77949398847
- Responder professional
- HBGary. Responder professional. Product Description Page. https://www.hbgary.com/products-services/ responder-professional/.
- Product Description Page

11
- 84872105982
- Product Description
- Hexrays. Ida pro disassembler and debugger. Product Description Page. http://www.hex-rays.com/idapro/.
- Ida pro disassembler and debugger
- Hexrays¹

12
- 70349448915
- Renovo: A hidden code extractor for packed executables
- Oct
- M. G. Kang, P. Poosankam, and H. Yin. Renovo: A hidden code extractor for packed executables. In Proceedings of the 5th ACM Workshop on Recurring Malcode (WORM), Oct. 2007.
- (2007) Proceedings of the 5th ACM Workshop on Recurring Malcode (WORM)
- Kang, M.G.¹ Poosankam, P.² Yin, H.³

13
- 34547448056
- Finding diversity in remote code injection exploits
- Rio de Janeiro, Brazil, ACM
- J. Ma, J. Dunagan, H. J.Wang, S. Savage, and G. M. Voelker. Finding diversity in remote code injection exploits. In Internet Measurement Conference, Rio de Janeiro, Brazil, 2006. ACM.
- (2006) Internet Measurement Conference
- Ma, J.¹ Dunagan, J.² Wang, H.J.³ Savage, S.⁴ Voelker, G.M.⁵

14
- 35448955692
- Valgrind: A framework for heavyweight dynamic binary instrumentation
- San Diego, CA, ACM
- N. Nethercote and J. Seward. Valgrind: A framework for heavyweight dynamic binary instrumentation. In ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation (PLDI 2007), San Diego, CA, 2007. ACM.
- (2007) ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation (PLDI 2007)
- Nethercote, N.¹ Seward, J.²

15
- 57949115209
- Covert debugging: Circumventing software armoring
- Aug
- D. Quist and V. Smith. Covert debugging: Circumventing software armoring. In Blackhat USA, Aug. 2007.
- (2007) Blackhat USA
- Quist, D.¹ Smith, V.²

16
- 77950142581
- Alternative medicine: The malware analyst's blue pill
- Aug
- P. Royal. Alternative medicine: The malware analyst's blue pill. In Blackhat USA, Aug. 2008.
- (2008) Blackhat USA
- Royal, P.¹

17
- 77949353766
- P. Royal, M. Halpin, D. Dagon, R. Edmonds, andW. Lee. Polyunpack: Automating the hidden-code extraction of unpack-executing malware, 2006.
- P. Royal, M. Halpin, D. Dagon, R. Edmonds, andW. Lee. Polyunpack: Automating the hidden-code extraction of unpack-executing malware, 2006.

18
- 80053624333
- Ollybone: Semi-automatic unpacking on ia-32
- Las Vegas, NV
- J. Stewart. Ollybone: Semi-automatic unpacking on ia-32. In Defcon 14, Las Vegas, NV, 2006.
- (2006) Defcon 14
- Stewart, J.¹

19
- 63449083987
- An interactive reverse engineering environment for large-scale c++ code
- New York, NY, USA, ACM
- A. Telea and L. Voinea. An interactive reverse engineering environment for large-scale c++ code. In SoftVis '08: Proceedings of the 4th ACM symposium on Software visualization, pages 67-76, New York, NY, USA, 2008. ACM.
- (2008) SoftVis '08: Proceedings of the 4th ACM symposium on Software visualization , pp. 67-76
- Telea, A.¹ Voinea, L.²

20
- 77949395634
- Hobart, Tasmania, Australia, January, Australian Computer Society, Inc
- A. Vasudevan and R. Yerraballi. Spike: Engineering malware analysis tools using unobtrusive binary-instrumentation. volume 48, Hobart, Tasmania, Australia, January 2006. Australian Computer Society, Inc.
- (2006) Spike: Engineering malware analysis tools using unobtrusive binary-instrumentation , vol.48
- Vasudevan, A.¹ Yerraballi, R.²

21
- 56449096775
- Visual analysis of program flow data with data propagation
- Berlin, Heidelberg, Springer-Verlag
- Y. Xia, K. Fairbanks, and H. Owen. Visual analysis of program flow data with data propagation. In VizSec '08: Proceedings of the 5th international workshop on Visualization for Computer Security, pages 26-35, Berlin, Heidelberg, 2008. Springer-Verlag.
- (2008) VizSec '08: Proceedings of the 5th international workshop on Visualization for Computer Security , pp. 26-35
- Xia, Y.¹ Fairbanks, K.² Owen, H.³

22
- 77949359505
- Product Description
- O. Yuschuk. Ollydbg debugger and disassembler. Product Description Page. http://www.ollydbg.de/.
- Ollydbg debugger and disassembler
- Yuschuk, O.¹

23
- 77949375517
- Company Product Description Page. http
- Zynamics. Binnavi. Company Product Description Page. http: //www.zynamics.com/binnavi.html.
- Binnavi

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.