DocumentCode :
2530218
Title :
OmniUnpack: Fast, Generic, and Safe Unpacking of Malware
Author :
Martignoni, Lorenzo ; Christodorescu, Mihai ; Jha, Somesh
Author_Institution :
Univ. degli Studi di Milano, Milan
fYear :
2007
fDate :
10-14 Dec. 2007
Firstpage :
431
Lastpage :
441
Abstract :
Malicious software (or malware) has become a growing threat as malware writers have learned that signature-based detectors can be easily evaded by "packing" the malicious payload in layers of compression or encryption. State-of-the-art malware detectors have adopted both static and dynamic techniques to recover the payload of packed malware, but unfortunately such techniques are highly ineffective. In this paper we propose a new technique, called OmniUnpack, to monitor the execution of a program in real-time and to detect when the program has removed the various layers of packing. OmniUnpack aids malware detection by directly providing to the detector the unpacked malicious payload. Experimental results demonstrate the effectiveness of our approach. OmniUnpack is able to deal with both known and unknown packing algorithms and introduces a low overhead (at most 11% for packed benign programs).
Keywords :
security of data; systems analysis; OmniUnpack; malicious software; malware; signature-based detectors; state-of-the-art malware detectors; Computer security; Cryptography; Debugging; Detectors; Emulation; Engines; Monitoring; Operating systems; Payloads; Performance analysis;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual
Conference_Location :
Miami Beach, FL
ISSN :
1063-9527
Print_ISBN :
978-0-7695-3060-4
Type :
conf
DOI :
10.1109/ACSAC.2007.15
Filename :
4413009