Abstracting stack to detect obfuscated calls in binaries
作者: A. Lakhotia , E.U. Kumar
DOI: 10.1109/SCAM.2004.1
关键词:
摘要: Information about calls to the operating system (or kernel libraries) made by a binary executable may be used determine whether is malicious. Being aware of this approach, malicious programmers hide information making such without using call instruction. For instance, `call addr' instruction replaced two push instructions and return instruction, first pushes address after second addr. The code further obfuscated spreading three splitting each into multiple instructions. This paper presents method statically detect in code. notion abstract stack introduced associate element that element. An graph concise representation all stacks at every point program. graph, created interpretation executables, other related obfuscations
sci-hub.st 参考文章(30)
Prabhat K. Singh, Arun Lakhotia, CHALLENGES IN GETTING ‘FORMAL’ WITH VIRUSES ,(2003)
Ravi Sethi, Jeffrey D. Ullman, Alfred V. Aho, Compilers: Principles, Techniques, and Tools ,(1986)
Thomas Ball, Susan Horwitz, Slicing Programs with Arbitrary Control-flow AADEBUG '93 Proceedings of the First International Workshop on Automated and Algorithmic Debugging. ,vol. 749, pp. 206- 222 ,(1993) , 10.1007/BFB0019410
Mihai Christodorescu, Somesh Jha, Static analysis of executables to detect malicious patterns usenix security symposium. pp. 12- 12 ,(2003) , 10.21236/ADA449067
Fredrik Valeur, Christopher Kruegel, Giovanni Vigna, William Robertson, Static disassembly of obfuscated binaries usenix security symposium. pp. 18- 18 ,(2004)
Christian Collberg, Douglas Low, C. Thomborson, A Taxonomy of Obfuscating Transformations Department of Computer Science, The University of Auckland, New Zealand. ,(1997)
Gogul Balakrishnan, Thomas Reps, Analyzing Memory Accesses in x86 Executables compiler construction. pp. 5- 23 ,(2006) , 10.1007/978-3-540-24723-4_2
Bill Joy, Guy Steele, James Gosling, Gilad Bracha, None, The Java Language Specification ,(1996)
J. Ebert, B. Kullbach, A. Winter, GraX-an interchange format for reengineering tools Sixth Working Conference on Reverse Engineering (Cat. No.PR00303). pp. 89- 98 ,(1999) , 10.1109/WCRE.1999.806950
Mary Jean Harrold, James A. Jones, Tongyu Li, Donglin Liang, Ashish Gujarathi, Regression test selection for Java software conference on object-oriented programming systems, languages, and applications. ,vol. 36, pp. 312- 326 ,(2001) , 10.1145/504282.504305