Sciweavers

ACNS
2009
Springer

Malyzer: Defeating Anti-detection for Application-Level Malware Analysis

Abstract. Malware analysis is critical for malware detection and prevention. To defeat malware analysis and detection, today's malware commonly adopts various sophisticated anti-detection techniques, such as performing debugger, emulator, and virtual machine fingerprinting, and camouflaging its traffic as normal legitimate traffic. These mechanisms produce more and more stealthy malware that greatly challenges existing malware analysis schemes. In this work, targeting application-level stealthy malware, we propose Malyzer, the key of which is to defeat malware anti-detection mechanisms at startup and runtime so that malware behavior during execution can be accurately captured and distinguished. For analysis, Malyzer always starts a copy, referred to as a shadow process, of any suspicious process on the same host by defeating all startup anti-detection mechanisms employed in the process. To defeat internal runtime anti-detection attempts, Malyzer further makes this shadow process mutual...
Lei Liu, Songqing Chen
Added 25 May 2010
Updated 25 May 2010
Type Conference
Year 2009
Where ACNS
Authors Lei Liu, Songqing Chen