Eureka: A Framework for Enabling Static Malware Analysis

Authors: Monirul Sharif, Vinod Yegneswaran, Hassen Saidi, Phillip Porras, Wenke Lee

DOI: 10.1007/978-3-540-88313-5_31

Keywords: (none given)

Abstract: We introduce Eureka, a framework for enabling static analysis on Internet malware binaries. Eureka incorporates a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing. The framework uniquely distinguishes itself from prior work by providing effective evaluation metrics and techniques to assess the quality of the produced unpacked code. Eureka provides several Windows API resolution techniques that identify system calls in the unpacked code by overcoming various existing control flow obfuscations. Eureka's unpacking and API resolution capabilities facilitate structural analysis of the underlying malware logic by means of micro-ontology generation, which labels groupings of identified API calls according to their functionality. They enable visual understanding of the malware through automated construction of annotated call graphs. Our evaluation on multiple datasets reveals that Eureka can simplify a large fraction of contemporary malware binaries by successfully deobfuscating API references.
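The abstract says only that Eureka's unpacking decision rests on statistical bigram analysis. The following is an added illustration of that idea, not code from the paper or its authors: it scores a memory snapshot by how often two byte pairs typical of compiled Win32 code (FF 15, call through an import-table slot, and FF 75, push of a stack argument) occur per KiB, and cross-checks against byte entropy. The choice of indicator bigrams, the thresholds, the entropy check, and the two constructed sample buffers are this example's own assumptions.

```python
"""Bigram-frequency heuristic for spotting unpacked x86 code in a memory image.

Added illustration, not code from the Eureka paper. The indicator bigrams,
the per-KiB threshold and the entropy cross-check are assumptions made here.
"""
import math
import random
import sys
from collections import Counter

# Byte pairs that are common in compiled Win32 code and rare in compressed or
# encrypted data (assumed indicators; each begins a 32-bit x86 instruction).
INDICATOR_BIGRAMS = {
    b"\xff\x15": "call dword ptr [imm32]    (call through an import table slot)",
    b"\xff\x75": "push dword ptr [ebp+disp8] (push a stack argument)",
}


def bigram_counts(buf: bytes) -> Counter:
    """Count every overlapping two-byte sequence in the buffer."""
    return Counter(buf[i:i + 2] for i in range(len(buf) - 1))


def indicator_density(buf: bytes) -> float:
    """Indicator bigrams per KiB of buffer (0.0 for a buffer shorter than 2 bytes)."""
    if len(buf) < 2:
        return 0.0
    counts = bigram_counts(buf)
    hits = sum(counts[bg] for bg in INDICATOR_BIGRAMS)
    return hits * 1024.0 / len(buf)


def byte_entropy(buf: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (max 8.0)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def looks_unpacked(buf: bytes, min_density: float = 2.0, max_entropy: float = 7.0) -> bool:
    """Assumed decision rule: enough indicator bigrams AND not near-random bytes.

    Packed or encrypted sections sit close to 8 bits/byte and contain almost no
    FF 15 / FF 75 pairs; compiled code has many of both pairs and lower entropy.
    """
    return indicator_density(buf) >= min_density and byte_entropy(buf) <= max_entropy


# ---- constructed samples (synthetic bytes, not real malware) ----------------
def _fake_function(rng: random.Random) -> bytes:
    """Synthesise a plausible compiled function: prologue, a few argument
    pushes and calls through import-table slots, epilogue."""
    code = bytearray(b"\x55\x8b\xec")                                   # push ebp; mov ebp, esp
    for _ in range(rng.randint(1, 4)):
        code += b"\xff\x75" + bytes([rng.choice((0x08, 0x0c, 0x10))])  # push [ebp+disp8]
        slot = 0x00402000 + 4 * rng.randint(0, 63)                      # assumed IAT slot address
        code += b"\xff\x15" + slot.to_bytes(4, "little")                # call [slot]
        code += b"\x8b\x45" + bytes([rng.choice((0x08, 0x0c))])         # mov eax, [ebp+disp8]
    code += b"\x5d\xc3"                                                 # pop ebp; ret
    return bytes(code)


_rng = random.Random(1)
UNPACKED_SAMPLE = b"".join(_fake_function(_rng) for _ in range(200))
PACKED_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(4096))  # stands in for packed/encrypted bytes


def report(name: str, buf: bytes) -> dict:
    """Gather the measurements an analyst would log for one memory snapshot."""
    return {
        "name": name,
        "size": len(buf),
        "indicator_per_kib": round(indicator_density(buf), 2),
        "entropy_bits": round(byte_entropy(buf), 2),
        "looks_unpacked": looks_unpacked(buf),
    }


if __name__ == "__main__":
    samples = [("constructed-unpacked", UNPACKED_SAMPLE), ("constructed-packed", PACKED_SAMPLE)]
    for path in sys.argv[1:]:  # optional: real memory dumps passed on the command line
        with open(path, "rb") as fh:
            samples.append((path, fh.read()))
    for name, buf in samples:
        print(report(name, buf))
```

Run it with no arguments to see the two constructed buffers scored, or pass dumped section files to score real snapshots. The caveat a practitioner should keep in mind: a packer can plant decoy FF 15 / FF 75 pairs or leave a small unpacked stub, so bigram density alone is weak evidence; it is a cheap first signal that, as the abstract notes for Eureka, needs to be paired with execution tracing before the snapshot is handed to a disassembler.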

References (22 cited; 9 listed)
Wei-Jen Li, Ke Wang, Salvatore J. Stolfo. Fileprint analysis for Malware Detection. 2005.
Ulrich Bayer, Christopher Kruegel, Engin Kirda. TTAnalyze: A Tool for Analyzing Malware. Proceedings of the European Institute for Computer Antivirus Research (EICAR) Annual Conference, 2006.
Mihai Christodorescu, Somesh Jha. Static Analysis of Executables to Detect Malicious Patterns. USENIX Security Symposium, 2003. DOI: 10.21236/ADA449067
Engin Kirda, Richard A. Kemmerer, Christopher Kruegel, Greg Banks, Giovanni Vigna. Behavior-based Spyware Detection. USENIX Security Symposium, 2006.
Flemming Nielson, Chris Hankin, Hanne R. Nielson. Principles of Program Analysis. 1999.
Christian Collberg, Douglas Low, C. Thomborson. A Taxonomy of Obfuscating Transformations. Department of Computer Science, The University of Auckland, New Zealand, 1997.
Gogul Balakrishnan, Thomas Reps. Analyzing Memory Accesses in x86 Executables. Compiler Construction (CC), pp. 5-23, 2004. DOI: 10.1007/978-3-540-24723-4_2
Ke Wang, Janak J. Parekh, Salvatore J. Stolfo. Anagram: A Content Anomaly Detector Resistant to Mimicry Attack. Lecture Notes in Computer Science, pp. 226-248, 2006. DOI: 10.1007/11856214_12
Lorenzo Martignoni, Mihai Christodorescu, Somesh Jha. OmniUnpack: Fast, Generic, and Safe Unpacking of Malware. Annual Computer Security Applications Conference (ACSAC), pp. 431-441, 2007. DOI: 10.1109/ACSAC.2007.15