Impeding automated malware analysis with environment-sensitive malware

HotSec 2012 - 7th USENIX Workshop on Hot Topics in Security

Volumn , Issue , 2012, Pages

  Song, Chengyu ^a   Royal, Paul ^a   Lee, Wenke ^a  

^a GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATION;

AUTOMATED ANALYSIS; ENVIRONMENT-SENSITIVE; EXPONENTIAL GROWTH; MALWARE ANALYSIS; SCALABILITY PROBLEMS;

MALWARE;

EID: 85061877313     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (16)

1. BRUMLEY, D., HARTWIG, C., LIANG, Z., NEWSOME, J., SONG, D., AND YIN, H. Automatically identifying trigger-based behavior in malware. Botnet Detection (2008), 65-88.
2. CABALLERO, J., POOSANKAM, P., KREIBICH, C., AND SONG, D. Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol Reverse-Engineering. In Proceedings of the 16th ACM Conference on Computer and Communication Security (2009), CCS'09.
3. CHUNG, S., AND MOK, A. Allergy attack against automatic signature generation. In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (2006).
4. COOGAN, K., LU, G., AND DEBRAY, S. Deobfuscation of virtualization-obfuscated software: a semantics-based approach. In Proceedings of the 18th ACM conference on Computer and Communications Security (2011).
5. DINABURG, A., ROYAL, P., SHARIF, M., AND LEE, W. Ether: malware analysis via hardware virtualization extensions. In Proceedings of the 15th ACM conference on Computer and Communications Security (2008).
6. DUNN, A. M., HOFMANN, O. S., WATERS, B., AND WITCHEL, E. Cloaking malware with the trusted platform module. In Proceedings of the 20th USENIX conference on Security (2011).
7. KIRDA, E., KRUEGEL, C., BANKS, G., VIGNA, G., AND KEM-MERER, R. Behavior-based spyware detection. In Proceedings of the USENIX Security Symposium (2006).
8. KOLBITSCH, C., COMPARETTI, P., KRUEGEL, C., KIRDA, E., ZHOU, X., AND WANG, X. Effective and efficient malware detection at the end host. In Proceedings of the 18th conference on USENIX security symposium (2009).
9. PALEARI, R., MARTIGNONI, L., ROGLIA, G., AND BRUSCHI, D. A fistful of red-pills: How to automatically generate procedures to detect cpu emulators. In Proceedings of the 3rd USENIX conference on Offensive technologies (2009).
10. ROYAL, P., HALPIN, M., DAGON, D., EDMONDS, R., AND LEE, W. Polyunpack: Automating the hidden-code extraction of unpack-executing malware. In Proceedings of the 22nd Computer Security Applications Conference (ACSAC) (2006).
11. SAITO, Y. Jockey: a user-space library for record-replay debugging. In Proceedings of the sixth international symposium on Automated analysis-driven debugging (2005).
12. SHARIF, M., LANZI, A., GIFFIN, J., AND LEE, W. Impeding malware analysis using conditional code obfuscation. In Network and Distributed System Security (NDSS) (2008).
13. SHARIF, M., LANZI, A., GIFFIN, J., AND LEE, W. Automatic reverse engineering of malware emulators. In Proceedings of the 30th IEEE Symposium on Security and Privacy (2009).
14. VASUDEVAN, A., AND YERRABALLI, R. Cobra: Fine-grained malware analysis using stealth localized-executions. In Security and Privacy, 2006 IEEE Symposium on (2006).
15. YIN, H., LIANG, Z., AND SONG, D. HookFinder: Identifying and understanding malware hooking behaviors. In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08) (2008).
16. YIN, H., SONG, D., EGELE, M., KRUEGEL, C., AND KIRDA, E. Panorama: Capturing system-wide information flow for malware detection and analysis. In Proceedings of the 14th ACM conference on Computer and Communications Security (2007), CCS'07.