Impeding Malware Analysis Using Conditional Code Obfuscation

Authors: Wenke Lee, Monirul I. Sharif, Andrea Lanzi, Jonathon T. Giffin

DOI:

Keywords: PATH (variable), Malware analysis, Symbolic execution, Key (cryptography), Obfuscation (software), Computer science, Encryption, Code (cryptography), Computer security, Malware, Programming language

Abstract: Malware programs that incorporate trigger-based behavior initiate malicious activities based on conditions satisfied only by specific inputs. State-of-the-art malware analyzers discover code guarded by triggers via multiple path exploration, symbolic execution, or forced conditional execution, all without knowing the trigger inputs. We present a malware obfuscation technique that automatically conceals trigger-based behavior from these analyzers. Our technique transforms a program by encrypting code that is conditionally dependent on an input value with a key derived from that input, and then removing the key from the program. We have implemented a compiler-level tool that takes malware source code and generates an obfuscated binary. Experiments on various existing malware samples show that our tool can hide a significant portion of trigger-based code. We provide insight into the strengths, weaknesses, and possible ways to strengthen current analysis approaches in order to defeat this obfuscation technique.

References (27)
Ulrich Bayer, Christopher Kruegel, Engin Kirda. TTAnalyze: A Tool for Analyzing Malware. Proceedings of the European Institute for Computer Antivirus Research Annual Conference, 2006.
Mihai Christodorescu, Somesh Jha. Static analysis of executables to detect malicious patterns. USENIX Security Symposium, pp. 12-12, 2003. DOI: 10.21236/ADA449067
Saumya K. Debray, Gregory R. Andrews, Igor V. Popov. Binary obfuscation using signals. USENIX Security Symposium, pp. 19-, 2007.
Engin Kirda, Richard A. Kemmerer, Christopher Kruegel, Greg Banks, Giovanni Vigna. Behavior-based spyware detection. USENIX Security Symposium, pp. 19-, 2006.
Christian Collberg, Douglas Low, C. Thomborson. A Taxonomy of Obfuscating Transformations. Department of Computer Science, The University of Auckland, New Zealand, 1997.
Moti Yung, Adam Young. Cryptovirology: extortion-based security threats and countermeasures. IEEE Symposium on Security and Privacy, pp. 129-140, 1996. DOI: 10.5555/525080.884259
Saurabh Sinha, Mary Jean Harrold, Gregg Rothermel. Interprocedural control dependence. ACM Transactions on Software Engineering and Methodology, vol. 10, pp. 209-254, 2001. DOI: 10.1145/367008.367022
David Moore, Colleen Shannon, k claffy. Code-Red: a case study on the spread and victims of an internet worm. ACM Special Interest Group on Data Communication, pp. 273-284, 2002. DOI: 10.1145/637201.637244
Lorenzo Martignoni, Mihai Christodorescu, Somesh Jha. OmniUnpack: Fast, Generic, and Safe Unpacking of Malware. Annual Computer Security Applications Conference, pp. 431-441, 2007. DOI: 10.1109/ACSAC.2007.15