Sciweavers

Share
NDSS
2008
IEEE

Impeding Malware Analysis Using Conditional Code Obfuscation

11 years 11 months ago
Impeding Malware Analysis Using Conditional Code Obfuscation
Malware programs that incorporate trigger-based behavior initiate malicious activities based on conditions satisfied only by specific inputs. State-of-the-art malware analyzers discover code guarded by triggers via multiple path exploration, symbolic execution, or forced conditional execution, all without knowing the trigger inputs. We present a malware obfuscation technique that automatically conceals specific trigger-based behavior from these malware analyzers. Our technique automatically transforms a program by encrypting code that is conditionally dependent on an input value with a key derived from the input and then removing the key from the program. We have implemented a compiler-level tool that takes a malware source program and automatically generates an obfuscated binary. Experiments on various existing malware samples show that our tool can hide a significant portion of trigger based code. We provide insight into the strengths, weaknesses, and possible ways to strengthen...
Monirul I. Sharif, Andrea Lanzi, Jonathon T. Giffi
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where NDSS
Authors Monirul I. Sharif, Andrea Lanzi, Jonathon T. Giffin, Wenke Lee
Comments (0)
books