OmniUnpack: Fast, Generic, and Safe Unpacking of Malware

Authors: Lorenzo Martignoni, Mihai Christodorescu, Somesh Jha

DOI: 10.1109/ACSAC.2007.15

Keywords:

Abstract: Malicious software (or malware) has become a growing threat as malware writers have learned that signature-based detectors can be easily evaded by "packing" the malicious payload in layers of compression or encryption. State-of-the-art detectors have adopted both static and dynamic techniques to recover the payload of packed malware, but unfortunately such techniques are highly ineffective. In this paper we propose a new technique, called OmniUnpack, to monitor the execution of a program in real time and to detect when the program has removed the various layers of packing. OmniUnpack aids detection by directly providing the detector with the unpacked payload. Experimental results demonstrate the effectiveness of our approach: OmniUnpack is able to deal with both known and unknown packing algorithms and introduces a low overhead (at most 11% for benign programs).

References (4)
Carey S. Nachenberg, "Polymorphic virus detection module" (1998).
Paul Royal, Mitch Halpin, David Dagon, Robert Edmonds, Wenke Lee, "PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware," Annual Computer Security Applications Conference, pp. 289-300 (2006), doi:10.1109/ACSAC.2006.38.
Paul England, Kenneth D. Ray, Michael Kramer, Scott A. Field, "On-access scan of memory for malware" (2005).