DocumentCode :
2329913
Title :
Automatic Extraction of Secrets from Malware
Author :
Zhao, Ziming ; Ahn, Gail-Joon ; Hu, Hongxin
Author_Institution :
Lab. of Security Eng. for Future Comput. (SEFCOM), Arizona State Univ., Tempe, AZ, USA
fYear :
2011
fDate :
17-20 Oct. 2011
Firstpage :
159
Lastpage :
168
Abstract :
As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher text data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, we present a novel approach to automatically extract secrets from malware. Our approach identifies and extracts binary code relevant to secret hiding behaviors. Then, we relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. We demonstrate the feasibility of our approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.
Keywords :
cryptography; invasive software; ASES; automatic and systematic extraction of secrets; binary code; code obfuscation; cyber-crime analysis; forensic; internal cipher text data; malware; proof-of-concept prototype; secret hiding behavior; Algorithms; Binary codes; Cryptography; Data mining; Malware; Prototypes; Runtime;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Reverse Engineering (WCRE), 2011 18th Working Conference on
Conference_Location :
Limerick
ISSN :
1095-1350
Print_ISBN :
978-1-4577-1948-6
Type :
conf
DOI :
10.1109/WCRE.2011.27
Filename :
6079838
Link To Document :