research-article

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web

Authors:

Alexei Bulazel,

Bülent YenerAuthors Info & Claims

ROOTS: Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium

Article No.: 2, Pages 1 - 21

https://doi.org/10.1145/3150376.3150378

Published: 16 November 2017 Publication History

Abstract

Automated dynamic malware analysis systems are important in combating the proliferation of modern malware. Unfortunately, malware can often easily detect and evade these systems. Competition between malware authors and analysis system developers has pushed each to continually evolve their tactics for countering the other.

In this paper we systematically review i) "fingerprint"-based evasion techniques against automated dynamic malware analysis systems for PC, mobile, and web, ii) evasion detection, iii) evasion mitigation, and iv) offensive and defensive evasion case studies. We also discuss difficulties in experimental evaluation, highlight future directions in offensive and defensive research, and briefly survey related topics in anti-analysis.

References

[1]

{n. d.}. Cuckoo Sandbox. https://cuckoosandbox.org/. ({n. d.}).

[2]

{n. d.}. VirtualBox. https://www.virtualbox.org. ({n. d.}).

[3]

{n. d.}. VMware. http://www.vmware.com/. ({n. d.}).

[4]

2003. Norman SandBox Whitepaper. http://download.norman.no/whitepapers/whitepaper_Norman_SandBox.pdf. (2003).

[5]

Lillian Ablon and Timothy Bogart. 2017. Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits. Technical Report. RAND Corporation.

Digital Library

[6]

Alberto Ortega. {n. d.}. Paranoid Fish. https://github.com/a0rtega/pafish. ({n.d.}).

[7]

Andrea Allievi and Richard Johnson. 2017. Harnessing Intel Processor Trace on Windows for Vulnerability Discovery. (2017). Talk at REcon Brussels, Brussels, Belgium.

[8]

Abdulla Alwabel, Hao Shi, Genevieve Bartlette, and Jelena Mirkovic. 2014. Safe and Automated Live Malware Experimentation on Public Testbeds. In 7th Workshop on Cyber Security Experimentation and Test (CSET '14).

Digital Library

[9]

Various Authors. 2014. Special Issue on Biometric Spoofing and Countermeasures. IEEE Transactions on Information Forensics and Security 9, 6.

[10]

Golam Sarwar Babil, Olivier Mehani, Roksana Boreli, and Mohamed-Ali Kaafar. 2013. On the Effectiveness of Dynamic Taint Analysis for Protecting Against Private Information Leaks on Android-based Devices. In Proceedings of the 2013 International Conference on Security and Cryptography (SECRYPT). IEEE.

[11]

Sina Bahram, Xuxian Jiang, Zhi Wang, Mike Grace, Jinku Li, Deepa Srinivasan, Junghwan Rhee, and Dongyan Xu. 2010. DKSM: Subverting Virtual Machine Introspection for Fun and Profit. In 2010 29th IEEE Symposium on Reliable Distributed Systems. IEEE.

Digital Library

[12]

Davide Balzarotti, Marco Cova, Christoph Karlberger, and Engin Kirda. 2010. Efficient Detection of Split Personalities in Malware. In Proceedings of the Symposium on Network And Distributed System Security (NDSS).

[13]

Sebastian Banescu, Christian Collberg, Vijay Ganesh, Zack Newsham, and Alexander Pretschner. 2016. Code Obfuscation Against Symbolic Execution Attacks. In Proceedings of the 32nd Annual Conference on Computer Security Applications. ACM.

Digital Library

[14]

Gabriel Negreira Barbosa and Rodrigo Rubira Branco. 2014. Prevalent Characteristics in Modern Malware. (2014). Talk at Black Hat 2014, Las Vegas, Nevada.

[15]

Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. 2003. Xen and the Art of Virtualization. In ACM SIGOPS Operating Systems Review, Vol. 37. ACM.

Digital Library

[16]

Brian Bartholomew and Juan Andrés Guerrero-Saade. 2016. Wave Your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks. (2016). Talk at Virus Bulletin International Conference, Denver, CO.

[17]

Erick Bauman, Gbadebo Ayoade, and Zhiqiang Lin. 2015. A Survey on Hypervisor-Based Monitoring: Approaches, Applications, and Evolutions. ACM Computing Surveys (CSUR) 48, 1 (2015).

Digital Library

[18]

Ulrich Bayer, Engin Kirda, and Christopher Kruegel. 2010. Improving the Efficiency of Dynamic Malware Analysis. In Proceedings of the 2010 ACM Symposium on Applied Computing. ACM.

Digital Library

[19]

Ulrich Bayer, Christopher Kruegel, and Engin Kirda. 2006. TTAnalyze: A Tool for Analyzing Malware. In Proceedings of the 15th European Institute for Computer Antivirus Research Annual Conference (EICAR 2006).

[20]

Fabrice Bellard. 2005. QEMU, a Fast and Portable Dynamic Translator. In USENIX Annual Technical Conference, FREENIX Track.

Digital Library

[21]

Jeremy Blackthorne, Alexei Bulazel, Andrew Fasano, Patrick Biernat, and Bülent Yener. 2016. AVLeak: Fingerprinting Antivirus Emulators Through Black-Box Testing. In WOOT'16 Proceedings of the 10th USENIX Workshop on Offensive Technologies. USENIX.

Digital Library

[22]

Jeremy Blackthorne, Benjamin Fuller, Benjamin Kaiser, and Bülent Yener. 2017. Environmental Authentication in Malware. In Latincrypt 2017.

[23]

Jeremy Blackthorne, Benjamin Kaiser, and Bülent Yener. 2016. A Formal Framework for Environmentally Sensitive Malware. In International Symposium on Research in Attacks, Intrusions, and Defenses. Springer.

[24]

Jacob Boomgaarden, Joshua Corney, Holly Whittaker, George Dinolt, and John McEachen. 2015. Challenges in Emulating Sensor and Resource-Based State Changes for Android Malware Detection. In 2015 9th International Conference on Signal Processing and Communication Systems (ICSPCS). IEEE.

[25]

Jacob Boomgaarden, Joshua Corney, Holly Whittaker, George Dinolt, and John McEachen. 2016. Mobile Konami Codes: Analysis of Android Malware Services Utilizing Sensor and Resource-Based State Changes. In 2016 49th Hawaii International Conference on System Sciences (HICSS). IEEE.

Digital Library

[26]

Michael Brengel, Michael Backes, and Christian Rossow. 2016. Detecting Hardware-Assisted Virtualization. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).

Digital Library

[27]

Tom Brosch and Maik Morgenstern. 2006. Runtime Packers: The Hidden Problem? (2006). Talk at Black Hat 2006, Las Vegas, NV.

[28]

Gerald Brown, Matthew Carlyle, Javier Salmerón, and Kevin Wood. 2006. Defending Critical Infrastructure. Interfaces 36, 6 (2006).

[29]

David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, and Heng Yin. 2008. Automatically Identifying Trigger-based Behavior in Malware. In Botnet Detection. Springer.

[30]

Alexei Bulazel. 2016. AVLeak: Fingerprinting Antivirus Emulators For Advanced Malware Evasion. (2016). Talk at Black Hat 2016, Las Vegas, NV.

[31]

Elie Bursztein, Artem Malyshey, Tadek Pietraszek, and Kurt Thomas. 2016. Picasso: Lightweight Device Class Fingerprinting for Web Clients. In Workshop on Security and Privacy in Smartphones and Mobile Devices.

Digital Library

[32]

Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, and Engin Kirda. 2016. CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes. In Financial Cryptography and Data Security (FC).

[33]

Lorenzo Cavallaro, Prateek Saxena, and R. Sekar. 2007. Anti-Taint-Analysis: Practical Evasion Techniques Against Information Flow Based Malware Defense. Technical Report. Secure Systems Lab at Stony Brook University.

[34]

Ping Chen, Christophe Huygens, Lieven Desmet, and Wouter Joosen. 2016. Advanced or Not? A Comparative Study of the Use of Anti-debugging and Anti-VM Techniques in Generic and Targeted Malware. In IFIP International Information Security and Privacy Conference. Springer.

[35]

Ping Chen, Xiao Xing, Bing Mao, and Li Xie. 2010. Return-Oriented Rootkit without Returns (on the x86). In International Conference on Information and Communications Security. Springer.

Digital Library

[36]

Xu Chen, Jon Andersen, Z. Morley Mao, Michael Bailey, and Jose Nazario. 2008. Towards an Understanding of Anti-virtualization and Anti-debugging Behavior in Modern Malware. In 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN). IEEE.

[37]

Mihai Christodorescu and Somesh Jha. 2004. Testing Malware Detectors. ACM SIGSOFT Software Engineering Notes 29, 4 (2004).

Digital Library

[38]

Zi Chu, Steven Gianvecchio, Aaron Koehl, Haining Wang, and Sushil Jajodia. 2013. Blog or block: Detecting blog bots through behavioral biometrics. Computer Networks 57, 3 (2013).

Digital Library

[39]

Christian S. Collberg and Clark Thomborson. 2002. Watermarking, Tamper-Proofing, and Obfuscation-Tools For Software Protection. IEEE Transactions on Software Engineering 28, 8 (2002).

Digital Library

[40]

Marco Cova, Christopher Kruegel, and Giovanni Vigna. 2010. Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code. In Proceedings of the 19th International Conference on World Wide Web. ACM.

Digital Library

[41]

Jedidiah R Crandall, Gary Wassermann, Daniela AS de Oliveira, Zhendong Su, S Felix Wu, and Frederic T Chong. 2006. Temporal Search: Detecting Hidden Malware Timebombs with Virtual Machines. In Conference on Architectural Support for Programming Languages and OS.

Digital Library

[42]

Dino Dai Zovi. 2006. Hardware Virtualization Rootkits. (2006). Talk at Black Hat 2006, Las Vegas, NV.

[43]

Zhui Deng, Xiangyu Zhang, and Dongyan Xu. 2013. SPIDER: Stealthy Binary Program Instrumentation and Debugging Via Hardware Virtualization. In Proceedings of the 29th Annual Computer Security Applications Conference. ACM.

Digital Library

[44]

Anthony Desnos, Éric Filiol, and Ivan Lefou. 2011. Detecting (and creating!) a HVM rootkit (aka BluePill-like). Journal in Computer Virology 7, 1 (2011).

Digital Library

[45]

Wenrui Diao, Xiangyu Liu, Zhou Li, and Kehuan Zhang. 2016. Evading Android Runtime Analysis Through Detecting Programmed Interactions. In WiSec '16 Proceedings of the 9th ACM Conference on Security Privacy in Wireless and Mobile Networks.

Digital Library

[46]

Artem Dinaburg, Paul Royal, Monirul Sharif, and Wenke Lee. 2008. Ether: Malware Analysis via Hardware Virtualization Extensions. In CCS '08 Proceedings of the 15th ACM Conference on Computer and Communications Security.

Digital Library

[47]

Julius Dizon, Lennard Galang, and Marvin Cruz. 2010. Understanding WMI Malware. Technical Report. Trend Micro.

[48]

Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, Wil Robertson, Frederick Ulrich, and Ryan Whelan. 2016. LAVA: Large-scale Automated Vulnerability Addition. In Proceedings of the 2016 IEEE Symposium on Security and Privacy (S&P 2016).

[49]

Brendan Dolan-Gavitt and Yacin Nadji. 2010. See No Evil: Evasions in Honeymon-key Systems. Technical Report.

[50]

Peter Eckersley. 2010. How Unique Is Your Web Browser?. In International Symposium on Privacy Enhancing Technologies Symposium. Springer.

Digital Library

[51]

Robert Edmonds, Paul Royal, Mitch Halpin, Wenke Lee, and David Dagon. 2006. PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware. 2006 22nd Computer Security Applications Conference (2006).

Digital Library

[52]

Manuel Egele, Scholte Theodoor, Engin Kirda, and Christopher Kruegel. 2012. A Survey on Automated Dynamic Malware Analysis Techniques and Tools. ACM Computing Surveys (CSUR) 44, 2 (2012).

Digital Library

[53]

Karim O Elish, Xiaokui Shu, Danfeng Daphne Yao, Barbara G Ryder, and Xuxian Jiang. 2015. Profiling User-Trigger Dependence for Android Security. Computers & Security 49 (2015).

Digital Library

[54]

Shawn Embleton, Sherri Sparks, and Cliff C Zou. 2013. SMM Rootkits: A New Breed of OS Independent Malware. Security and Communication Networks 6, 12 (2013).

[55]

Olivier Ferrand. 2015. How to detect the Cuckoo Sandbox and to Strengthen it? Journal of Computer Virology and Hacking Techniques 11, 1 (2015).

[56]

Peter Ferrie. 2006. Attacks on Virtual Machine Emulators. Technical Report. Symantec Advanced Threat Research.

[57]

Peter Ferrie. 2007. Attacks on More Virtual Machine Emulators. Technical Report. Symantec Advanced Threat Research.

[58]

Peter Ferrie. 2016. A Brief Description of Some Popular Copy-Protection Techniques on the Apple }{ Platform. PoC // GTFO 10:7 (2016).

[59]

Dan Fleck, Arnur Tokhtabayev, Alex Alarif, Angelos Stavrou, and Tomas Nykodym. 2013. PyTrigger: A System to Trigger & Extract User-Activated Malware Behavior. In Proceedings of the Eighth International Conference on Availability, Reliability and Security (ARES'13). IEEE.

Digital Library

[60]

Jason Franklin, Mark Luk, Jonathan M McCune, Arvind Seshadri, Adrian Perrig, and Leendert Van Doorn. 2008. Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking. ACM SIGOPS Operating Systems Review 42, 3 (2008).

Digital Library

[61]

Yanick Fratantonio, Antonio Bianchi, William Robertson, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2016. TriggerScope: Towards Detecting Logic Bombs in Android Apps. In Proceedings of the IEEE Symposium on Security and Privacy (S&P). San Jose, CA.

[62]

Xiang Fu. 2016. On Detecting Environment Sensitivity Using Slicing. Theoretical Computer Science (2016).

[63]

Michael N Gagnon, Stephen Taylor, and Anup K Ghosh. 2007. Software Protection through Anti-Debugging. IEEE Security & Privacy 5, 3 (2007).

Digital Library

[64]

Jyoti Gajrani, Jitendra Sarswat, Meenakshi Tripathi, Vijay Laxmi, MS Gaur, and Mauro Conti. 2015. A Robust Dynamic Analysis System Preventing SandBox Detection by Android Malware. In Proceedings of the 8th International Conference on Security of Information and Networks. ACM.

[65]

Tal Garfinkel, Keith Adams, Andrew Warfield, and Jason Franklin. 2007. Compatibility is Not Transparency: VMM Detection Myths and Realities. In HOTOS'07 Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems.

Digital Library

[66]

Steven Gianvecchio, Zhenyu Wu, Mengjun Xie, and Haining Wang. 2009. Battle of Botcraft: Fighting Bots in Online Games with Human Observational Proofs. In CCS '09 Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM.

Digital Library

[67]

Christian Gorecki, Felix C Freiling, Kührer Marc, and Thorsten Holz. 2011. TRUMANBOX: Improving Dynamic Malware Analysis by Emulating the Internet. In SSS'11 Proceedings of the 13th International Symposium on Stabilization, Safety, and Security of Distributed Systems.

Digital Library

[68]

Matt Graeber. 2015. Abusing Windows Management Instrumentation (WMI) to Build a Persistent, Asynchronous, and Fileless Backdoor. (2015). Talk at Black Hat 2015, Las Vegas, NV.

[69]

Bernhard Grill, Andrei Bacs, Christian Platzer, and Herbert Bos. 2015. 'Nice Boots!': A Large-Scale Analysis of Bootkits and New Ways to Stop Them. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).

Digital Library

[70]

Juan Andrés Guerrero-Saade. 2015. The Ethics And Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage. (2015). Talk at Virus Bulletin International Conference 2015, Prague, Czech Republic.

[71]

Grant Ho, Dan Boneh, Lucas Ballard, and Niels Provos. 2014. Tick Tock: Building Browser Red Pills from Timing Side Channels. In WOOT'14 Proceedings of the 8th USENIX Workshop on Offensive Technologies.

Digital Library

[72]

Thorsten Holz, Markus Engelberth, and Felix Freiling. 2009. Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones. In European Symposium on Research in Computer Security. Springer.

Digital Library

[73]

Thorsten Holz and Frederic Raynal. 2005. Detecting Honeypots and other suspicious environments. In Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC.

[74]

Martin Hron and Jakub Jermář. 2014. SafeMachine: malware needs love, too. (2014). Talk at Virus Bulletin International Conference 2014, Seattle, WA.

[75]

Ralf Hund, Thorsten Holz, and Felix C Freiling. 2009. Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. In Proceedings of the 18th USENIX Security Symposium (USENIX Security '09).

Digital Library

[76]

Médéric Hurier, Kevin Allix, Tegawendé François D Assise Bissyande, Jacques Klein, and Yves Le Traon. 2016. On the Lack of Consensus in Anti-Virus Decisions: Metrics and Insights on Building Ground Truths of Android Malware. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer.

Digital Library

[77]

Bhushan Jain, Mirza Basim Baig, Dongli Zhang, Donald E Porter, and Radu Sion. 2014. SoK: Introspections on Trust and the Semantic Gap. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (S&P 2014). IEEE.

Digital Library

[78]

Christopher Jämthagen, Patrik Lantz, and Martin Hell. 2013. A new instruction overlapping technique for anti-disassembly and obfuscation of x86 binaries. In WATeR 2013: The First Workshop on Anti-malware Testing Research. IEEE.

[79]

Jiyong Jang, David Brumley, and Shobha Venkataraman. 2011. BitShred: Feature Hashing Malware for Scalable Triage and Semantic Analysis. In CCS '11 Proceedings of the 18th ACM Conference on Computer and Communications Security. ACM.

Digital Library

[80]

Jing Jin, Jeff Offutt, Nan Zheng, Feng Mao, Aaron Koehl, and Haining Wang. 2013. Evasive Bots Masquerading as Human Beings on the Web. In 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE.

Digital Library

[81]

Yiming Jing, Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu. 2014. Morpheus: Automatically Generating Heuristics to Detect Android Emulators. In Proceedings of the 30th Annual Computer Security Applications Conference. ACM.

Digital Library

[82]

Noah M Johnson, Juan Caballero, Kevin Zhijie Chen, Stephen McCamant, Pongsin Poosankam, Daniel Reynaud, and Dawn Song. 2011. Differential Slicing: Identifying Causal Execution Differences for Security Applications. In Proceedings of the 2011 IEEE Symposium on Security and Privacy (S&P 2011). IEEE.

Digital Library

[83]

Ryan Johnson and Angelos Stavrou. 2013. Forced-Path Execution for Android Applications on x86 Platforms. In 2013 IEEE 7th International Conference on Software Security and Reliability-Companion (SERE-C). IEEE.

Digital Library

[84]

Ah Reum Kang, Jiyoung Woo, Juyong Park, and Huy Kang Kim. 2013. Online game bot detection based on party-play log analysis. Computers & Mathematics with Applications 65, 9 (2013).

[85]

Min Gyung Kang, Pongsin Poosankam, and Heng Yin. 2007. Renovo: A Hidden Code Extractor for Packed Executables. In Proceedings of the 2007 ACM workshop on Recurring malcode. ACM.

Digital Library

[86]

Min Gyung Kang, Heng Yin, Steve Hanna, Stephen McCamant, and Dawn Song. 2009. Emulating Emulation-Resistant Malware. In VMSec '09 Proceedings of the 1st ACM Workshop on Virtual Machine Security.

Digital Library

[87]

Alex Kantchelian, Michael Carl Tschantz, Sadia Afroz, Brad Miller, Vaishaal Shankar, Rekha Bachwani, Anthony D Joseph, and JD Tygar. 2015. Better Malware Ground Truth: Techniques for Weighting Anti-Virus Vendor Labels. In Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security. ACM.

Digital Library

[88]

Alexandros Kapravelos, Marco Cova, Christopher Kruegel, and Giovanni Vigna. 2011. Escape from Monkey Island: Evading High-Interaction Honeyclients. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer.

Digital Library

[89]

Alexandros Kapravelos, Chris Grier, Neha Chachra, Christopher Kruegel, Giovanni Vigna, and Vern Paxson. 2014. Hulk: Eliciting Malicious Behavior in Browser Extensions. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security '14).

Digital Library

[90]

Alexandros Kapravelos, Yan Shoshitaishvili, Marco Cova, Christopher Kruegel, and Giovanni Vigna. 2013. Revolver: An Automated Approach to the Detection of Evasive Web-based Malware. In Proceedings of the 22nd USENIX Security Symposium (USENIX Security '13).

Digital Library

[91]

Amin Kharaz, Sajjad Arshad, Collin Mulliner, William Robertson, and Engin Kirda. 2016. UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. In Proceedings of the 25th USENIX Security Symposium (USENIX Security '16). USENIX Association, Austin, TX.

[92]

Kyungtae Kim, I Luk Kim, Chung Hwan Kim, Yonghwi Kwon, Yunhui Zheng, Xiangyu Zhang, and Dongyan Xu. 2017. J-Force: Forced Execution on JavaScript. In Proceedings of the 26th International Conference on World Wide Web.

Digital Library

[93]

Samuel T King and Peter M Chen. 2006. SubVirt: Implementing Malware With Virtual Machines. In Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P 2006). IEEE.

Digital Library

[94]

Dhilung Kirat, Vigna Giovanni, and Christopher Kruegel. 2011. BareBox: Efficient Malware Analysis on Bare-Metal. In ACSAC '11 Proceedings of the 27th Annual Computer Security Applications Conference.

Digital Library

[95]

Dhilung Kirat and Giovanni Vigna. 2015. MalGene: Automatic Extraction of Malware Analysis Evasion Signature. In CCS '15 Proceedings of the 22nd ACM Conference on Computer and Communications Security.

Digital Library

[96]

Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel. 2014. BareCloud: Bare-metal Analysis-based Evasive Malware Detection. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security '14).

Digital Library

[97]

Engin Kirda, Christopher Kruegel, Greg Banks, Giovanni Vigna, and Richard A. Kemmerer. 2006. Behavior-based Spyware Detection. In Proceedings of the 15th USENIX Security Symposium (USENIX Security '06).

Digital Library

[98]

Avi Kivity, Yaniv Kamay, Dor Laor, Uri Lublin, and Anthony Liguori. 2007. KVM: the Linux Virtual Machine Monitor. In Proceedings of the Linux symposium, Vol. 1.

[99]

Amit Klein. 2012. Tilon: Son of Silon. https://securityintelligence.com/tilon-son-of-silon/. (2012). IBM X-Force Research.

[100]

Tadayoshi Kohno, Andre Broido, and Kimberly C Claffy. 2005. Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing 2, 2 (2005).

Digital Library

[101]

Clemens Kolbitsch, Engin Kirda, and Christopher Kruegel. 2011. The Power of Procrastination: Detection and Mitigation of Execution-Stalling Malicious Code. In CCS '11 Proceedings of the 18th ACM Conference on Computer and Communications Security.

Digital Library

[102]

Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, and Christian Seifert. 2012. Rozzle: De-Cloaking Internet Malware. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (S&P 2012). IEEE.

Digital Library

[103]

Christopher Kruegel, Engin Kirda, Paolo Milani Comparetti, Ulrich Bayer, and Clemens Hlauschek. 2009. Scalable, Behavior-Based Malware Clustering. In Proceedings of the Symposium on Network And Distributed System Security (NDSS).

[104]

Boris Lau and Vanja Svajcer. 2008. Measuring virtual machine detection in malware using DSD tracer. Journal in Computer Virology 6, 3 (2008).

[105]

Kevin P Lawton. 1996. Bochs: A Portable PC Emulator For Unix/X. Linux Journal 1996, 29 (1996).

Digital Library

[106]

Kevin Leach, Chad Spensky, Westley Weimer, and Fengwei Zhang. 2016. Towards Transparent Introspection. In 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER). IEEE.

[107]

Tamas K Lengyel, Steve Maresca, Bryan D Payne, George D Webster, Sebastian Vogl, and Aggelos Kiayias. 2014. Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System. In Proceedings of the 30th Annual Computer Security Applications Conference. ACM.

Digital Library

[108]

Jinku Li, Zhi Wang, Xuxian Jiang, Michael Grace, and Sina Bahram. 2010. Defeating Return-Oriented Rootkits With "Return-Less" Kernels. In Proceedings of the 5th European Conference on Computer Systems. ACM.

Digital Library

[109]

Li Li, Alexandre Bartel, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick Mcdaniel. 2014. I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis. arXiv preprint arXiv:1404.7431 (2014).

[110]

Xiaoning Li and Kang Li. 2014. Defeating the Transparency Features of Dynamic Binary Instrumentation: The detection of DynamoRIO through introspection. (2014). Talk at Black Hat 2014, Las Vegas, NV.

[111]

Martina Lindorfer, Clemens Kolbitsch, and Paolo Milani Comparetti. 2011. Detecting Environment-Sensitive Malware. In RAID'11 Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection.

Digital Library

[112]

Dominik Maier, Tilo Müller, and Mykola Protsenko. 2014. Divide-and-Conquer: Why Android Malware Cannot Be Stopped. In Proceedings of the Ninth International Conference on Availability, Reliability and Security (ARES'14). IEEE.

Digital Library

[113]

Dominik Maier, Mykola Protsenko, and Tilo Müller. 2015. A Game of Droid and Mouse: The Threat of Split-Personality Malware on Android. Computers & Security 54 (2015).

Digital Library

[114]

Lorenzo Martignoni, Roberto Paleari, Giampaolo Fresi Roglia, and Danilo Bruschi. 2010. Testing System Virtual Machines. In Proceedings of the 19th International Symposium on Software Testing and Analysis - ISSTA '10. ACM Press, New York, New York, USA.

Digital Library

[115]

Lorenzo Martignoni, Roberto Paleari, Giampaolo Fresi Roglia, and Danilo Bruschi. 2009. Testing CPU Emulators. In Proceedings of the Eighteenth International Symposium on Software Testing and Analysis - ISSTA '09. ACM Press, New York, New York, USA.

Digital Library

[116]

Najmeh Miramirkhani, Mahathi Priya Appini, Nick Nikiforakis, and Michalis Polychronakis. 2017. Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts. In Proceedings of the 2017 IEEE Symposium on Security and Privacy (S&P 2017). IEEE.

[117]

Travis Morrow and Josh Pitts. 2016. Genetic Malware: Designing Payloads For Specific Targets. (2016). Talk at Infiltrate 2016, Miami, FL.

[118]

Andreas Moser, Christopher Kruegel, and Engin Kirda. 2007. Exploring Multiple Execution Paths for Malware Analysis. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (S&P 2007). IEEE.

Digital Library

[119]

Andreas Moser, Christopher Kruegel, and Engin Kirda. 2007. Limits of Static Analysis for Malware Detection. In Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007). IEEE.

[120]

Alexander Moshchuk, Tanya Bragin, Steven D Gribble, and Henry M Levy. 2006. A Crawler-based Study of Spyware in the Web. In Proceedings of the Symposium on Network And Distributed System Security (NDSS).

[121]

Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Dhilung Kirat, Christopher Kruegel, and Giovanni Vigna. 2015. Bare-Droid: Large-Scale Analysis of Android Apps on Real Devices. In Proceedings of the 31st Annual Computer Security Applications Conference. ACM.

Digital Library

[122]

Jose Nazario. 2009. PhoneyC: A Virtual Client Honeypot. In LEET'09 Proceedings of the 2nd USENIX Workshop On Large-Scale Exploits And Emergent Threats, Vol. 9.

Digital Library

[123]

Sebastian Neuner, Victor Van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin Mulazzani, and Edgar Weippl. 2014. Enter Sandbox: Android Sandbox Comparison. arXiv preprint arXiv:1410.7749 (2014).

[124]

Anh M. Nguyen, Nabil Schear, HeeDong Jung, Apeksha Godiyal, Samuel T. King, and Hai D. Nguyen. 2009. MAVMM: Lightweight and Purpose Built VMM for Malware Analysis. In 2009 Annual Computer Security Applications Conference. IEEE.

Digital Library

[125]

Jon Oberheide. 2008. Detecting and Evading CWSandbox. https://jon.oberheide.org/blog/2008/01/15/detecting-and-evading-cwsandbox/. (2008).

[126]

Jon Oberheide and Charlie Miller. 2012. Dissecting The Android Bouncer. (2012). Talk at SummerCon 2012, Brooklyn, New York.

[127]

Tavis Ormandy. 2007. An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments. (2007). Talk at CanSecWest Applied Security Conference, Vancouver, CA.

[128]

Roberto Paleari, Lorenzo Martignoni, Giampaolo Fresi Roglia, and Danilo Bruschi. 2009. A fistful of red-pills: How to automatically generate procedures to detect CPU emulators. In WOOT'09 Proceedings of the 3rd USENIX Workshop on Offensive Technologies.

Digital Library

[129]

Michael Pearce, Sherali Zeadally, and Ray Hunt. 2013. Virtualization: Issues, Security Threats, and Solutions. ACM Computing Surveys (CSUR) 45, 2 (2013).

Digital Library

[130]

Gábor Pék, Boldizsár Bencsáth, and Levente Buttyán. 2011. nEther: In-guest Detection of Out-of-the-guest Malware Analyzers. In EUROSEC '11 Proceedings of the Fourth European Workshop on System Security.

Digital Library

[131]

Gábor Pék, Levente Buttyán, and Boldizsár Bencsáth. 2013. A Survey of Security Issues in Hardware Virtualization. ACM Computing Surveys (CSUR) 45, 3 (2013).

Digital Library

[132]

Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-Force: Force-Executing Binary Programs for Security Applications. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security '14).

Digital Library

[133]

Nicholas Percoco and Sean Schulte. 2012. Adventures in BouncerLand: Failures of Automated Malware Detection within Mobile Application Markets. (2012). Talk at Black Hat 2012, Las Vegas, NV.

[134]

Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Michalis Polychronakis, and Sotiris Ioannidis. 2014. Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware. In EUROSEC '14 Proceedings of the Seventh European Workshop on System Security. ACM.

Digital Library

[135]

Mario Polino, Andrea Continella, Sebastiano Mariani, Stefano D'Alessio, Lorenzo Fontana, Fabio Gritti, and Stefano Zanero. 2017. Measuring and Defeating Anti-Instrumentation-Equipped Malware. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer.

[136]

Michalis Polychronakis, Panayiotis Mavrommatis, and Niels Provos. 2008. Ghost Turns Zombie: Exploring the Life Cycle of Web-based Malware. In LEET'08 Proceedings of the First USENIX Workshop on Large-Scale Exploits and Emergent Threats. USENIX Association, Berkeley, CA, USA.

Digital Library

[137]

Thomas Raffetseder, Christopher Kruegel, and Engin Kirda. 2007. Detecting System Emulators. In International Conference on Information Security. Springer.

Digital Library

[138]

Moheeb Abu Rajab, Lucas Ballard, Nav Jagpal, Panayiotis Mavrommatis, Daisuke Nojiri, Niels Provos, and Ludwig Schmidt. 2011. Trends in Circumventing Web-Malware Detection. Technical Report. Google.

[139]

Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, and Eric Bodden. 2016. Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques. In Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS).

[140]

Lars Richter. 2015. Common Weaknesses of Android Malware Analysis Frameworks. Technical Report. University of Erlangen-Nuremberg.

[141]

Phillip Rogaway. 2015. The Moral Character of Cryptographic Work. Cryptology ePrint Archive, Report 2015/1162. (2015). http://eprint.iacr.org/2015/1162.

[142]

Rolf Rolles. 2009. Unpacking Virtualization Obfuscators. In WOOT'09 Proceedings of the 3rd USENIX Workshop on Offensive Technologies.

Digital Library

[143]

Rolf Rolles. 2015. Memory Lane: Hacking Renovo. http://www.msreverseengineering.com/blog/2015/7/16/hacking-renovo. (2015).

[144]

Lee M Rossey, Robert K Cunningham, David J Fried, Jesse C Rabek, Richard P Lippmann, Joshua W Haines, and Marc A Zissman. 2002. LARIAT: Lincoln Adaptable Real-time. Information Assurance Testbed. In Aerospace Conference Proceedings, 2002. IEEE, Vol. 6. IEEE.

[145]

Christian Rossow, Christian J Dietrich, Chris Grier, Christian Kreibich, Vern Paxson, Norbert Pohlmann, Herbert Bos, and Maarten Van Steen. 2012. Prudent Practices for Designing Malware Experiments: Status Quo and Outlook. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (S&P 2012). IEEE.

Digital Library

[146]

Kevin A Roundy and Barton P Miller. 2013. Binary-Code Obfuscations in Prevalent Packer Tools. ACM Computing Surveys (CSUR) 46, 1 (2013).

Digital Library

[147]

Paul Royal. 2012. Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis. (2012). Talk at Black Hat 2012, Las Vegas, NV.

[148]

Joanna Rutkowska. 2004. Red Pill... Or How To Detect VMM Using (Almost) One CPU Instruction. http://www.securiteam.com/securityreviews/6Z00H20BQS.html. (2004).

[149]

Joanna Rutkowska. 2006. Introducing Blue Pill. http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html. (2006).

[150]

Joshua Schiffman and David Kaplan. 2014. The SMM Rootkit Revisited: Fun with USB. In Proceedings of the Ninth International Conference on Availability, Reliability and Security (ARES'14). IEEE.

Digital Library

[151]

V. Selis and A. Marshall. 2015. MEDA: A Machine Emulation Detection Algorithm. In 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE), Vol. 04.

Digital Library

[152]

Monirul I Sharif, Andrea Lanzi, Jonathon T Giffin, and Wenke Lee. 2008. Impeding Malware Analysis Using Conditional Code Obfuscation. In Proceedings of the Symposium on Network And Distributed System Security (NDSS).

[153]

Tyler Shields. 2010. Anti-Debugging - A Developers View. Technical Report.

[154]

Chengyu Song and Paul Royal. 2012. Flowers for Automated Malware Analysis. (2012). Talk at Black Hat 2012, Las Vegas, NV.

[155]

Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, and Pongsin Poosankam. 2008. BitBlaze: A New Approach to Computer Security via Binary Analysis. In Proceedings of the 4th International Conference on Information Systems Security (ICISS).

Digital Library

[156]

Chad Spensky, Hongyi Hu, and Kevin Leach. 2016. LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis. In Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS).

[157]

Guillermo Suarez-Tangil, Mauro Conti, Juan E Tapiador, and Pedro Peris-Lopez. 2014. Detecting Targeted Smartphone Malware with Behavior-Triggering Stochastic Models. In European Symposium on Research in Computer Security. Springer.

[158]

Ke Sun, Xiaoning Li, and Ya Ou. 2016. Break Out of The Truman Show: Active Detection and Escape of Dynamic Binary Instrumentation. (2016). Talk at Black Hat Asia 2016, Singapore, Singapore.

[159]

Kimberly Tam, Salahuddin J Khan, Aristide Fattori, and Lorenzo Cavallaro. 2015. CopperDroid: Automatic Reconstruction of Android Malware Behaviors. In Proceedings of the Symposium on Network And Distributed System Security (NDSS).

[160]

Christopher Thompson, Maria Huntley, and Chad Link. 2010. Virtualization Detection: New Strategies and Their Effectiveness. Technical Report. University of Minnesota.

[161]

Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, and Pablo G Bringas. 2015. SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers. In Proceedings of the 2015 IEEE Symposium on Security and Privacy (S&P 2015). IEEE.

Digital Library

[162]

Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, and Pablo Garcia Bringas. 2016. RAMBO: Run-Time Packer Analysis with Multiple Branch Observation. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer.

Digital Library

[163]

Phani Vadrevu and Roberto Perdisci. 2016. MAXS: Scaling Malware Execution with Sequential Multi-Hypothesis Testing. In ASIA CCS '16 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. ACM.

Digital Library

[164]

Amit Vasudevan. 2007. WiLDCAT: An Integrated Stealth Environment For Dynamic Malware Analysis. Ph.D. Dissertation. University of Texas at Arlington.

Digital Library

[165]

Amit Vasudevan and Ramesh Yerraballi. 2004. SAKTHI: A Retargetable Dynamic Framework for Binary Instrumentation. In Hawaii International Conference in Computer Sciences.

[166]

Amit Vasudevan and Ramesh Yerraballi. 2005. Stealth Breakpoints. In 21st Annual Computer Security Applications Conference (ACSAC'05). IEEE.

Digital Library

[167]

Amit Vasudevan and Ramesh Yerraballi. 2006. Cobra: Fine-grained Malware Analysis using Stealth Localized-executions. In Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P 2006), Vol. 9.

Digital Library

[168]

Amit Vasudevan and Ramesh Yerraballi. 2006. SPiKE: Engineering Malware Analysis Tools using Unobtrusive Binary-Instrumentation. In Proceedings of the 29th Australasian Computer Science Conference. Australian Computer Society, Inc.

Digital Library

[169]

Timothy Vidas and Nicolas Christin. 2014. Evading Android Runtime Analysis via Sandbox Detection. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. ACM.

Digital Library

[170]

Timothy Vidas, Jiaqi Tan, Jay Nahata, Chaur Lih Tan, Nicolas Christin, and Patrick Tague. 2014. A5: Automated Analysis of Adversarial Android Applications. In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices (SPSM '14). ACM.

Digital Library

[171]

Giovanni Vigna. 2014. Now You See Me, Now You Don't: Chasing Evasive Malware. https://www.slideshare.net/lastlinesecurity/ip-expo-oct-2014. (2014).

[172]

Sebastian Vogl, Jonas Pfoh, Thomas Kittel, and Claudia Eckert. 2014. Persistent Data-only Malware: Function Hooks without Code. In Proceedings of the Symposium on Network And Distributed System Security (NDSS).

[173]

Heinrich Von Stackelberg. 1952. The Theory of The Market Economy. Oxford University Press.

[174]

Yi-Min Wang, Doug Beck, Xuxian Jiang, Roussi Roussev, Chad Verbowski, Shuo Chen, and Sam King. 2006. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. In Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS).

[175]

Ollie Whitehouse. 2014. Introduction to Anti-Fuzzing: A Defence in Depth Aid. (2014). https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/january/introduction-to-anti-fuzzing-a-defence-in-depth-aid/

[176]

Andre Wichmann and Elmar Gerhards-Padilla. 2012. Using Infection Markers as a Vaccine against Malware Attacks. In 2012 IEEE International Conference on Green Computing and Communications (GreenCom). IEEE.

Digital Library

[177]

Carsten Willems, Thorsten Holz, and Felix Freiling. 2007. Toward Automated Dynamic Malware Analysis Using CWSandbox. IEEE Security and Privacy Magazine 5, 2 (2007).

Digital Library

[178]

Carsten Willems, Ralf Hund, Andreas Fobian, Dennis Felsch, Thorsten Holz, and Amit Vasudevan. 2012. Down to the Bare Metal: Using Processor Features for Binary Analysis. In Proceedings of the 28th Annual Computer Security Applications Conference. ACM.

Digital Library

[179]

Michelle Y. Wong and David Lie. 2016. IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware. In Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS).

[180]

Christian Wressnegger, Fabian Yamaguchi, Daniel Arp, and Konrad Rieck. 2016. Comprehensive Analysis and Detection of Flash-based Malware. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).

Digital Library

[181]

Zhaoyan Xu, Jialong Zhang, Guofei Gu, and Zhiqiang Lin. 2013. AUTOVAC: Automatically Extracting System Resource Constraints and Generating Vaccines for Malware Immunization. In 2013 IEEE 33rd International Conference on Distributed Computing Systems (ICDCS). IEEE.

Digital Library

[182]

Zhaoyan Xu, Jialong Zhang, Guofei Gu, and Zhiqiang Lin. 2014. GoldenEye: Efficiently and Effectively Unveiling Malware's Targeted Environment. In RAID'14 Proceedings of the 17th International Symposium on Recent Advances in Intrusion Detection.

[183]

Lok-kwong Yan, Manjukumar Jayachandra, Mu Zhang, and Heng Yin. 2012. V2E: Combining Hardware Virtualization and Software Emulation for Transparent and Extensible Malware Analysis. In VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments.

Digital Library

[184]

Wei Yan, Zheng Zhang, and Nirwan Ansari. 2008. Revealing Packed Malware. IEEE Security & Privacy 6, 5 (2008).

Digital Library

[185]

Heng Yin and Dawn Song. 2010. TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution. Technical Report. EECS Department, University of California, Berkeley.

[186]

Akira Yokoyama, Kou Ishii, Rui Tanabe, Yinmin Papa, Katsunari Yoshioka, Tsutomu Matsumoto, Takahiro Kasama, Daisuke Inoue, Michael Brengel, Michael Backes, and Christian Rossow. 2016. SandPrint: Fingerprinting Malware Sandboxes to Provide Intelligence for Sandbox Evasion. In RAID'16 Proceedings of the 19th International Symposium on Recent Advances in Intrusion Detection. ACM.

[187]

Katsunari Yoshioka, Yoshihiko Hosobuchi, Tatsunori Orii, and Tsutomu Matsumoto. 2011. Your Sandbox is Blinded: Impact of Decoy Injection to Public Malware Analysis Systems. Journal of Information Processing 19 (2011).

[188]

Ilsun You and Kangbin Yim. 2010. Malware Obfuscation Techniques: A Brief Survey. In 2010 International Conference on Broadband, Wireless Computing, Communication and Applications.

Digital Library

[189]

Adam Young and Moti Yung. 2004. Malicious Cryptography: Exposing Cryptovirology. John Wiley & Sons.

Digital Library

[190]

Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. 2015. Using Hardware Features for Increased Debugging Transparency. In Proceedings of the 2015 IEEE Symposium on Security and Privacy (S&P 2015). IEEE.

Digital Library

[191]

Fengwei Zhang, Kevin Leach, Kun Sun, and Angelos Stavrou. 2013. SPECTRE: A Dependable Introspection Framework via System Management Mode. In 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE.

Digital Library

[192]

Cong Zheng, Shixiong Zhu, Shuaifu Dai, Guofei Gu, Xiaorui Gong, Xinhui Han, and Wei Zou. 2012. SmartDroid: an Automatic System for Revealing UI-based Trigger Conditions in Android Applications. In Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM.

Digital Library

Cited By

Caporaso PBianchi GQuaglia F(2024)JITScanner: Just-in-Time Executable Page Check in the Linux Operating SystemApplied Sciences10.3390/app1405191214:5(1912)Online publication date: 26-Feb-2024
https://doi.org/10.3390/app14051912
Sandborn MStoebner ZWeimer WForrest SDougherty RWhite JLeach K(2024)Reducing Malware Analysis Overhead With CoveringsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.334632821:4(4133-4146)Online publication date: Jul-2024
https://doi.org/10.1109/TDSC.2023.3346328
Varlioglu SElsayed NVarlioglu EOzer MElSayed Z(2024)The Pulse of Fileless Cryptojacking Attacks: Malicious PowerShell ScriptsSoutheastCon 202410.1109/SoutheastCon52093.2024.10500068(571-580)Online publication date: 15-Mar-2024
https://doi.org/10.1109/SoutheastCon52093.2024.10500068
Show More Cited By

Index Terms

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web
1. Security and privacy

Recommendations

MalGene: Automatic Extraction of Malware Analysis Evasion Signature
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Automated dynamic malware analysis is a common approach for detecting malicious software. However, many malware samples identify the presence of the analysis environment and evade detection by not performing any malicious activity. Recently, an approach ...
Malware Dynamic Analysis Evasion Techniques: A Survey

The cyber world is plagued with ever-evolving malware that readily infiltrate all defense mechanisms, operate viciously unbeknownst to the user, and surreptitiously exfiltrate sensitive data. Understanding the inner workings of such malware provides a ...
UBER: Combating Sandbox Evasion via User Behavior Emulators
Information and Communications Security
Abstract
Sandbox-enabled dynamic malware analysis has been widely used by cyber security teams to handle the threat of malware. Correspondingly, malware authors have developed various anti-sandbox techniques to evade the analysis. Most of those evasion ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ROOTS: Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium

November 2017

95 pages

ISBN:9781450353212

DOI:10.1145/3150376

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

TU Wien: TU Wien

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 November 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ROOTS

ROOTS: Reversing and Offensive-oriented Trends Symposium

November 16 - 17, 2017

Vienna, Austria

Acceptance Rates

ROOTS Paper Acceptance Rate 8 of 13 submissions, 62%;

Overall Acceptance Rate 16 of 26 submissions, 62%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

72
Total Citations
View Citations
1,732
Total Downloads

Downloads (Last 12 months)162
Downloads (Last 6 weeks)6

Reflects downloads up to 04 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Caporaso PBianchi GQuaglia F(2024)JITScanner: Just-in-Time Executable Page Check in the Linux Operating SystemApplied Sciences10.3390/app1405191214:5(1912)Online publication date: 26-Feb-2024
https://doi.org/10.3390/app14051912
Sandborn MStoebner ZWeimer WForrest SDougherty RWhite JLeach K(2024)Reducing Malware Analysis Overhead With CoveringsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.334632821:4(4133-4146)Online publication date: Jul-2024
https://doi.org/10.1109/TDSC.2023.3346328
Varlioglu SElsayed NVarlioglu EOzer MElSayed Z(2024)The Pulse of Fileless Cryptojacking Attacks: Malicious PowerShell ScriptsSoutheastCon 202410.1109/SoutheastCon52093.2024.10500068(571-580)Online publication date: 15-Mar-2024
https://doi.org/10.1109/SoutheastCon52093.2024.10500068
Adedayo-Ajayi VOluwaseun Ogundokun RAkande HNathanial Babatunde ADubem DTunbosun AKolawole Ojo A(2024)Development of Malware Detection Using Machine Learning2024 International Conference on Science, Engineering and Business for Driving Sustainable Development Goals (SEB4SDG)10.1109/SEB4SDG60871.2024.10630194(1-4)Online publication date: 2-Apr-2024
https://doi.org/10.1109/SEB4SDG60871.2024.10630194
Kumaralingam TWijayasekara S(2024)Empowering Cybersecurity: Unveiling the Art of Identifying and Thwarting Malicious Tactics Within the Sandbox Environment2024 21st International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON)10.1109/ECTI-CON60892.2024.10594974(1-5)Online publication date: 27-May-2024
https://doi.org/10.1109/ECTI-CON60892.2024.10594974
McElroy S(2024)Identifying Android Banking Malware Through Measurement of User Interface Complexity2024 IEEE International Conference on Cyber Security and Resilience (CSR)10.1109/CSR61664.2024.10679403(348-353)Online publication date: 2-Sep-2024
https://doi.org/10.1109/CSR61664.2024.10679403
Geng JWang JFang ZZhou YWu DGe W(2024)A survey of strategy-driven evasion methods for PE malwareComputers and Security10.1016/j.cose.2023.103595137:COnline publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1016/j.cose.2023.103595
Asmitha KPuthuvath VRafidha Rehiman KAnanth S(2024)Deep learning vs. adversarial noise: a battle in malware image analysisCluster Computing10.1007/s10586-024-04397-427:7(9191-9220)Online publication date: 17-Apr-2024
https://doi.org/10.1007/s10586-024-04397-4
Pahlevani PAnagnostopoulos MAnik HIqbal H(2024)The Impact of Network Configuration on Malware BehaviourProceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media10.1007/978-981-99-6974-6_6(91-104)Online publication date: 18-Feb-2024
https://doi.org/10.1007/978-981-99-6974-6_6
Gavrila RZacharis A(2024)Advancements in Malware Evasion: Analysis Detection and the Future Role of AIMalware10.1007/978-3-031-66245-4_12(275-297)Online publication date: 5-Jul-2024
https://doi.org/10.1007/978-3-031-66245-4_12
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents