Polymorphic and metamorphic malware detection

Authors: Douglas S. Reeves, Qinghua Zhang

DOI:

Keywords:

Abstract: Software attacks are a serious problem. Conventional anti-malware software expects malicious software (malware) to contain fixed and known code. Malware writers have devised methods of concealing or constantly changing their software in order to evade such detection. Two important recent techniques are polymorphism, which makes use of code encryption, and metamorphism, which makes use of a variety of obfuscation techniques. This dissertation presents three new techniques for the detection of these kinds of malware. The first technique recognizes, in network traffic, polymorphic malware that is encrypted and must self-decrypt before launching its payload. We propose an approach that combines static analysis and instruction emulation to more accurately identify the starting location of the instructions of the decryption routine, a characteristic of such malware, even if self-modifying code is used. The method has been implemented and tested on current exploits, including ones generated by state-of-the-art engines. All exploits were detected (i.e., a 100% detection rate), including those whose decryption routine is dynamically coded or self-modifying. The method was also tested on benign traffic and on Windows executables; the false positive rates were approximately .0002% and .01% for these two categories, respectively. Running time is linear in the size of the payload being analyzed, at between 1 and 2 MB/s.
