Fighting Evasive Malware with DVasion


Author(s): Gilboy, Matthew Ryan
Contributor(s)

Barua, Rajeev

Digital Repository at the University of Maryland

University of Maryland (College Park, Md.)

Electrical Engineering

Date(s)

22/06/2016

22/06/2016

2016

Abstract

Malware is a foundational component of cyber crime that enables an attacker to modify the normal operation of a computer or access sensitive, digital information. Despite the extensive research performed to identify such programs, existing schemes fail to detect evasive malware, an increasingly popular class of malware that can alter its behavior at run-time, making it difficult to detect using today’s state-of-the-art malware analysis systems. In this thesis, we present DVasion, a comprehensive strategy that exposes such evasive behavior through a multi-execution technique. DVasion successfully detects behavior that would have been missed by traditional, single-execution approaches, while addressing the limitations of previously proposed multi-execution systems. We demonstrate the accuracy of our system through strong parallels with existing work on evasive malware, as well as uncover the hidden behavior within 167 of 1,000 samples.

Identifier

doi:10.13016/M2HB7D

http://hdl.handle.net/1903/18396

Language(s)

en

Keywords

#Computer engineering #dynamic binary instrumentation #evasive malware #multi-execution

Type

Thesis