A Framework for Understanding Dynamic Anti-Analysis Defenses

Jing Qiu, Babak Yadegari, Brian Johannesmeyer, Saumya Debray, Xiaohong Su
2014 Proceedings of the 4th Program Protection and Reverse Engineering Workshop (PPREW-4)

Malicious code often uses a variety of anti-analysis and anti-tampering defenses to hinder analysis. Researchers trying to understand the internal logic of the malware have to penetrate these defenses. Existing research on such anti-analysis defenses tends to study them in isolation, thereby failing to see underlying conceptual similarities between different kinds of anti-analysis defenses. This paper proposes an information-flow-based framework that encompasses a wide variety of anti-analysis defenses. We illustrate the utility of our approach using two different instances of this framework: self-checksumming-based anti-tampering defenses and timing-based emulator detection. Our approach can provide insights into the underlying structure of various anti-analysis defenses and thereby help devise techniques for neutralizing them.
doi:10.1145/2689702.2689704 dblp:conf/acsac/QiuYJDS14 fatcat:yt6sokgqxbfzlnatdou3g5nlpy