DSN
2005
IEEE

Detecting Stealth Software with Strider GhostBuster

Stealth malware programs that silently infect enterprise and consumer machines are becoming a major threat to the future of the Internet [XZ04]. Resource hiding is a powerful stealth technique commonly used by malware to evade detection by computer users and antimalware scanners. In this paper, we focus on a subclass of malware, termed “ghostware”, which hide files, configuration settings, processes, and loaded modules from the operating system’s query and enumeration Application Programming Interfaces (APIs). Instead of targeting individual stealth implementations, we describe a systematic framework for detecting multiple types of hidden resources by leveraging the hiding behavior as a detection mechanism. Specifically, we adopt a cross-view diff-based approach to ghostware detection by comparing a high-level infected scan with a low-level clean scan and alternatively comparing an inside-the-box infected scan with an outside-the-box clean scan. We describe the design and implem...
Yi-Min Wang, Doug Beck, Binh Vo, Roussi Roussev, C
Added: 24 Jun 2010
Updated: 24 Jun 2010
Type: Conference
Year: 2005
Where: DSN
Authors: Yi-Min Wang, Doug Beck, Binh Vo, Roussi Roussev, Chad Verbowski