887 Hits in 5.0 sec

Attacks on Visualization-Based Malware Detection: Balancing Effectiveness and Executability [article]

Hadjer Benkraouda, Jingyu Qian, Hung Quoc Tran, Berkay Kaplan
2021 arXiv   pre-print
Attackers can generate adversarial examples by perturbing the malware binary in non-reachable regions, such as padding at the end of the binary.  ...  Alternatively, attackers can perturb the malware image embedding and then verify the executability of the malware post-transformation.  ...  In particular, metamorphism allows the malware to change its opcode with each execution of the infected program. Alam et al.  ... 
arXiv:2109.10417v1 fatcat:wawxg2qwzjftpfyoqgttgwm2om

Symbolic Execution and Debugging Synchronization [article]

Andrea Fioraldi
2020 arXiv   pre-print
We implemented a synchronization mechanism on top of the binary analysis framework angr, allowing for transferring the state of the debugged process to the angr environment and back.  ...  In this thesis, we introduce the idea of combining symbolic execution with dynamic analysis for reverse engineering.  ...  In a lot of malware samples, a target point in the program can be reached only under complex conditions, like in a malware with evasion techniques, and the program state can be very complex.  ... 
arXiv:2006.16601v1 fatcat:mj4bfsbrmja3dc6dryoqhd4kpu

Exploring Multiple Execution Paths for Malware Analysis

Andreas Moser, Christopher Kruegel, Engin Kirda
2007 2007 IEEE Symposium on Security and Privacy (SP '07)  
To mitigate this problem, a number of analysis tools have been proposed that automatically extract the behavior of an unknown program by executing it in a restricted environment and recording the operating  ...  Thus, by exploring multiple execution paths, we can obtain a more complete picture of their actions.  ...  Acknowledgments This work was supported by the Austrian Science Foundation (FWF) under grant P18157, the FIT-IT project Pathfinder, and the Secure Business Austria competence center.  ... 
doi:10.1109/sp.2007.17 dblp:conf/sp/MoserKK07 fatcat:ahj7mo5pyjebldd36oijjk5mny

A Smart Fuzzer for x86 Executables

Andrea Lanzi, Lorenzo Martignoni, Mattia Monga, Roberto Paleari
2007 Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007)  
While conventional fuzzing uses random input to discover crash conditions, smart fuzzing restricts the input space by using a preliminary static analysis of the program, then refined by monitoring each  ...  The automatic identification of security-relevant flaws in binary executables is still a young but promising research area.  ...  As an example, in [12, 8] the authors describe how symbolic execution techniques can be employed to detect patterns of malware behavior in binary code, while in [13] static analysis is applied to kernel  ... 
doi:10.1109/sess.2007.1 dblp:conf/icse/LanziMMP07 fatcat:62z5ozk63jcf5mcow3erv5vwbu

Optimization-Guided Binary Diversification to Mislead Neural Networks for Malware Detection [article]

Mahmood Sharif, Keane Lucas, Lujo Bauer, Michael K. Reiter, Saurabh Shintre
2019 arXiv   pre-print
In this work, we propose an attack that guides binary-diversification tools via optimization to mislead DNNs for malware detection while preserving the functionality of binaries.  ...  Motivated by the transformative impact of deep neural networks (DNNs) on different areas (e.g., image and speech recognition), researchers and anti-virus vendors are proposing end-to-end DNNs for malware  ...  DNNs for Malware Detection In this work, we study attacks targeting two DNN architectures for detecting malware from the raw bytes of Windows binaries (i.e., executables in Portable Executable format)  ... 
arXiv:1912.09064v1 fatcat:ig5pvocysbhjjbdmka4c7xeqqe

Restricting Control Flow During Speculative Execution with Venkman [article]

Zhuojia Shen, Jie Zhou, Divya Ojha, John Criswell
2019 arXiv   pre-print
By transforming all code this way, Venkman ensures that, in any program wanting Spectre defenses, all control-flow transfers, including speculative ones, do not skip over protective instructions Venkman  ...  fences are executed to mitigate Spectre attacks.  ...  It measures both the execution time and code size of the benchmark programs.  ... 
arXiv:1903.10651v1 fatcat:s3nnq3pa5zbxfe6gqo2fvro2di

Reducing Unauthorized Modification of Digital Objects

Paul C. Van Oorschot, Glenn Wurster
2012 IEEE Transactions on Software Engineering  
To explore the viability of our proposal, we apply the approach to file-system binaries, implementing a prototype in Linux which protects operating system and application binaries on disk.  ...  We present a protection mechanism designed to protect against unauthorized replacement or modification of digital objects while still allowing authorized updates transparently.  ...  ACKNOWLEDGEMENTS We thank the anonymous referees whose comments helped improve this work, and many individuals who provided feedback on preliminary drafts of this paper.  ... 
doi:10.1109/tse.2011.7 fatcat:4jx67qc2cngoxj6uwvqhsarkey

Exploiting an antivirus interface

Kevin W. Hamlen, Vishwath Mohan, Mohammad M. Masud, Latifur Khan, Bhavani Thuraisingham
2009 Computer Standards & Interfaces  
This information is leveraged to reverse engineer relevant details of the detector's underlying signature database, revealing binary obfuscations that suffice to conceal malware from the detector.  ...  We propose a technique for defeating signature-based malware detectors by exploiting information disclosed by antivirus interfaces.  ...  C:\Windows), as well as other executables drawn from the default program installation directory (e.g., C:\Program Files) of various machines.  ... 
doi:10.1016/j.csi.2009.04.004 fatcat:eyt7am33kbf27myws3mbfv7zwm

Enclave-Aware Compartmentalization and Secure Sharing with Sirius [article]

Zahra Tarkhani, Anil Madhavapeddy
2020 arXiv   pre-print
Hardware-assisted trusted execution environments (TEEs) are critical building blocks of many modern applications.  ...  Sirius replaces ad-hoc interactions in current TEE systems with a principled approach that adds strong inter- and intra-address space isolation and effectively eliminates a wide range of attacks.  ...  Execution of enclave threads is tied to the execution of the caller thread and scheduled by the Linux kernel.  ... 
arXiv:2009.01869v3 fatcat:bgqsmluzdjdkxliiun6ttijqty

Trustworthy Execution on Mobile Devices: What Security Properties Can My Mobile Platform Give Me? [chapter]

Amit Vasudevan, Emmanuel Owusu, Zongwei Zhou, James Newsome, Jonathan M. McCune
2012 Lecture Notes in Computer Science  
We also highlight shortcomings of existing proposals and make recommendations for future research that may yield practical, deployable results.  ...  existing proposals for leveraging such primitives, and show that they can indeed strengthen the security properties available to applications and users, all without reducing the properties currently enjoyed by  ...  Acknowledgement This research was supported by CyLab at Carnegie Mellon University (CMU), Northrup Grumman Corp. and Google Inc.  ... 
doi:10.1007/978-3-642-30921-2_10 fatcat:zcq7eutfrnh55gfxty4ogow7my

Understanding the Relationship between Human Behavior and Susceptibility to Cyber Attacks

Michael Ovelgönne, Tudor Dumitras, B. Aditya Prakash, V. S. Subrahmanian, Benjamin Wang
2017 ACM Transactions on Intelligent Systems and Technology  
Our results show that there is a strong relationship between several features and the number of attempted malware attacks.  ...  For each of the 35 possible combinations (5 categories times 7 features), we studied the relationship between each of these seven features and one dependent variable, namely the number of attempted malware  ...  Other researchers may reproduce and verify our results by analyzing the reference dataset we recorded in WINE (WINE-2013-001) after signing a research agreement with Symantec.  ... 
doi:10.1145/2890509 fatcat:opmf3hnphbbtznwsbxtl7zjudi


Joan Calvet, José M. Fernandez, Jean-Yves Marion
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
While potentially very useful for malware analysis, the identification of such cryptographic primitives is made difficult by the fact that they are usually obfuscated.  ...  Analyzing cryptographic implementations has important applications, especially for malware analysis where they are an integral part both of the malware payload and the unpacking code that decrypts this  ...  self-modifying code, a common technique in obfuscated programs.  ... 
doi:10.1145/2382196.2382217 dblp:conf/ccs/CalvetFM12 fatcat:uk423xukynd57ks3hw4bw3r5za

Trusted Computing vs. Advanced Persistent Threats: Can a Defender Win This Game?

Nikos Virvilis, Dimitris Gritzalis, Theodoros Apostolopoulos
2013 2013 IEEE 10th International Conference on Ubiquitous Intelligence and Computing and 2013 IEEE 10th International Conference on Autonomic and Trusted Computing  
We also focus on the issues that enabled the malware to evade detection from a wide range of security solutions and propose technical countermeasures for strengthening our defenses against similar threats  ...  In this paper we perform a technical analysis of these advanced persistent threats, highlighting particular characteristics and identifying common patterns and techniques.  ...  Thus, these samples would manage to infect hardened systems, where only digitally signed binaries were allowed to execute.  ... 
doi:10.1109/uic-atc.2013.80 dblp:conf/uic/VirvilisGA13 fatcat:fb4aplheiffytpdxjhjdn6zdie

Malware Development – Professionalization of an Ancient Art

Marc Ruef
2017 Zenodo  
Customer-specific malware can be deployed as part of a professional security check. Worms or backdoors are generally used to compromise networked systems.  ...  The malware usually collects data that is then transferred to the back-end server.  ...  With this in mind, the external code -and this is not just restricted to exploits -can be stored in compacted form in the binary of the malware.  ... 
doi:10.5281/zenodo.3521842 fatcat:vwhwkuibk5f65oglvyjby3lbmu

An Analysis of the iKee.B iPhone Botnet [chapter]

Phillip Porras, Hassen Saïdi, Vinod Yegneswaran
2010 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
This report details the logic and function of iKee's scripts, its configuration files, and its two binary executables, which we have reverse engineered to an approximation of their C source code implementation  ...  The iKee bot is one of the latest offerings in smartphone malware, in this case targeting jailbroken iPhones.  ...  A list of statically programmed IP ranges targeted by sshd are shown in the RANGES array in Figure 4 .  ... 
doi:10.1007/978-3-642-17502-2_12 fatcat:woym4yywirgfpg6tcszd23bzse
« Previous Showing results 1 — 15 out of 887 results