BitScope: Automatically Dissecting Malicious Binaries

Authors: Pongsin Poosankam, Zhenkai Liang, Dawn Song, Min Gyung Kang, David Brumley

DOI:

Keywords:

Abstract: Automatic analysis of malicious binaries is necessary in order to scale with the rapid development and recovery of malware found in the wild. The results of automatic analysis are useful for creating defense systems and for understanding the current capabilities of attackers. We propose an approach to dissecting malicious binaries which can answer fundamental questions such as what behavior they exhibit, the relationships between their inputs and outputs, and how an attacker may be using the binary. We implement our approach in a system called BitScope. At its core, BitScope allows us to execute binaries on symbolic inputs. Executing on symbolic inputs lets us reason about code paths without constraining a particular input value.
