DocumentCode :
2897735
Title :
Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware
Author :
Chen, Xu ; Andersen, Jon ; Mao, Z. Morley ; Bailey, Michael ; Nazario, Jose
Author_Institution :
Michigan Univ., Ann Arbor, MI
fYear :
2008
fDate :
24-27 June 2008
Firstpage :
177
Lastpage :
186
Abstract :
Many threats that plague today's networks (e.g., phishing, botnets, denial of service attacks) are enabled by a complex ecosystem of attack programs commonly called malware. To combat these threats, defenders of these networks have turned to the collection, analysis, and reverse engineering of malware as mechanisms to understand these programs, generate signatures, and facilitate cleanup of infected hosts. Recently however, new malware instances have emerged with the capability to check and often thwart these defensive activities - essentially leaving defenders blind to their activities. To combat this emerging threat, we have undertaken a robust analysis of current malware and developed a detailed taxonomy of malware defender fingerprinting methods. We demonstrate the utility of this taxonomy by using it to characterize the prevalence of these avoidance methods, to generate a novel fingerprinting method that can assist malware propagation, and to create an effective new technique to protect production systems.
Keywords :
fingerprint identification; invasive software; system monitoring; attack programs; fingerprinting method; malware; reverse engineering; Computer crime; Computerized monitoring; Ecosystems; Fingerprint recognition; Production systems; Protection; Reconnaissance; Reverse engineering; Taxonomy; Virtual machining;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Dependable Systems and Networks With FTCS and DCC, 2008. DSN 2008. IEEE International Conference on
Conference_Location :
Anchorage, AK
Print_ISBN :
978-1-4244-2397-2
Electronic_ISBN :
978-1-4244-2398-9
Type :
conf
DOI :
10.1109/DSN.2008.4630086
Filename :
4630086