Towards the detection of isolation-aware malware
Abstract: Malware analysis tools have evolved in recent years, providing tightly controlled sandbox and virtualised environments in which malware is analysed while minimising potentially harmful consequences. Unfortunately, malware has advanced in parallel: it is currently able to recognise when it is running in a sandbox or virtual environment and then behave as a non-harmful application, or even not execute at all. This kind of malware is usually called analysis-aware malware. In this paper, we propose a tool to detect the evasion techniques used by analysis-aware malware within sandbox or virtualised environments. Our tool uses Dynamic Binary Instrumentation to preserve the binary's functionality while executing arbitrary code. We evaluate the tool on a set of well-known analysis-aware malware samples, showing its current effectiveness. Finally, we discuss the limitations of our proposal and future directions.
Language: Spanish
DOI: 10.1109/TLA.2016.7437254
Year: 2016
Published in: IEEE LATIN AMERICA TRANSACTIONS 14, 2 (2016), 1024-1036
ISSN: 1548-0992

JCR impact factor: 0.631 (2016)
JCR category: ENGINEERING, ELECTRICAL & ELECTRONIC rank: 221 / 260 = 0.85 (2016) - Q4 - T3
JCR category: COMPUTER SCIENCE, INFORMATION SYSTEMS rank: 135 / 146 = 0.925 (2016) - Q4 - T3

SCIMAGO impact factor: 0.227 - Computer Science (miscellaneous) (Q2) - Electrical and Electronic Engineering (Q3)

Funding: info:eu-repo/grantAgreement/ES/MICINN/TIN2014-58457-R
Type and form: Article (PostPrint)
Area (Department): Área Lenguajes y Sistemas Inf. (Dpto. Informát.Ingenie.Sistms.)

Creative Commons You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.


Exported from SIDERAL (2020-02-21-13:36:52)

This article appears in the following collections:
Articles

 Record created 2016-07-01, last modified 2020-02-21


Postprint: PDF