Sciweavers

SP
2010
IEEE

Identifying Dormant Functionality in Malware Programs

14 years 3 months ago
Identifying Dormant Functionality in Malware Programs
—To handle the growing flood of malware, security vendors and analysts rely on tools that automatically identify and analyze malicious code. Current systems for automated malware analysis typically follow a dynamic approach, executing an unknown program in a controlled environment (sandbox) and recording its runtime behavior. Since dynamic analysis platforms directly run malicious code, they are resilient to popular malware defense techniques such as packing and code obfuscation. Unfortunately, in many cases, only a small subset of all possible malicious behaviors is observed within the short time frame that a malware sample is executed. To mitigate this issue, previous work introduced techniques such as multipath or forced execution to increase the coverage of dynamic malware analysis. Unfortunately, using these techniques is potentially expensive, as the number of paths that require analysis can grow exponentially. In this paper, we propose REANIMATOR, a novel solution to determin...
Paolo Milani Comparetti, Guido Salvaneschi, Engin
Added 16 Aug 2010
Updated 16 Aug 2010
Type Conference
Year 2010
Where SP
Authors Paolo Milani Comparetti, Guido Salvaneschi, Engin Kirda, Clemens Kolbitsch, Christopher Kruegel, Stefano Zanero
Comments (0)