Fast Automated Unpacking and Classification of Malware

Author: Silvio Cesare

DOI:

Keywords:

Abstract: "Malware is a pervasive problem in distributed computer and network systems. Identification of malware variants provides great benefit in early detection. Control flow has been proposed as a characteristic that can be identified across variants, resulting in classification employing flowgraph based signatures. Static analysis is widely used to construct the signatures but can be ineffective if malware undergoes a code packing transformation to hide its real content. This thesis proposes a novel system, named Malwise, for malware classification using a fast application level emulator to reverse the code packing transformation, and two flowgraph matching algorithms to perform classification: exact flowgraph matching and approximate flowgraph matching"--Abstract.
