An Automatic Approach to Detect Anti-debugging in Malware Analysis

Authors: Peidai Xie, Xicheng Lu, Yongjun Wang, Jinshu Su, Meijian Li

DOI: 10.1007/978-3-642-35795-4_55

Keywords:

Abstract: Anti-debugging techniques are broadly used by malware authors to prevent security researchers from reverse engineering their samples. However, existing countermeasures identify anti-debugging code patterns insufficiently and mainly manually, which is an expensive, time-consuming and error-prone process; no automatic approach can detect anti-debugging in samples effectively. In this paper, we present an approach, based on instruction traces derived from dynamic analysis and an instruction-based pattern matching method, to detect anti-debugging tricks automatically. We evaluate the approach with a large number of samples collected in the wild. The experience shows that our proposed approach is effective: about 40% of the experimental data set has anti-debugging code embedded.
