Download e-book for kindle: Automatic Malware Analysis: An Emulator Based Approach by Heng Yin

By Heng Yin

Malicious software (i.e., malware) has been a serious threat to interconnected computers for many years and has caused billions of dollars in damages every year. A large number of new malware samples are discovered daily. Even worse, malware is rapidly evolving, becoming more sophisticated and evasive in order to strike against current malware analysis and defense systems.

Automatic Malware Analysis presents a virtualized malware analysis framework that addresses common challenges in malware analysis. Based on this new analysis framework, a series of analysis techniques for automatic malware analysis is developed. These techniques capture intrinsic characteristics of malware, and are well suited for dealing with new malware samples and attack mechanisms.


Similar network security books

Juniper Networks Secure Access SSL VPN Configuration Guide - download pdf or read online

Juniper Networks Secure Access SSL VPN appliances provide a complete range of remote access appliances for the smallest companies up to the largest service providers. As a system administrator or security professional, this comprehensive configuration guide will help you configure these appliances to allow remote and mobile access for employees.

Mu Zhang, Heng Yin's Android Application Security: A Semantics and Context-Aware PDF

This SpringerBrief explains the emerging cyber threats that undermine Android application security. It further explores the opportunity to leverage cutting-edge semantics and context-aware techniques to defend against such threats, including zero-day Android malware, deep software vulnerabilities, privacy breaches and insufficient security warnings in app descriptions.

New PDF release: Practical Information Security Management: A Complete Guide

Create appropriate, security-focused business propositions that consider the balance between cost, risk, and value, while starting your journey to become an information security manager. Covering a wealth of information that explains precisely how the works at the present time, this book focuses on how to set up an effective information security practice, hire the right people, and strike the best balance between security controls, costs, and risks.

Extra info for Automatic Malware Analysis: An Emulator Based Approach

Sample text

For the rest of the samples, UUnP encountered the exception handler routine and was unable to proceed to later execution steps. Nevertheless, note that UUnP is very efficient as it can extract most hidden code in less than 10 seconds. We obtained the analysis results of PolyUnpack [18] by submitting samples to the Malfease website [13] of which PolyUnpack operates as its sub-module. We also asked the PolyUnpack authors to run our samples against a version of PolyUnpack that handles some forms of structured exception handling in addition to the functionalities presented on the Malfease website.

Obviously, a hook H is one of the impacts made by the malicious code, and this impact finally redirects the execution control flow into the malicious code. Hence, if we are able to identify all the impacts of the malicious code, and observe one of the impacts being used to cause the execution to be redirected into the malicious code, we can determine a hook installed by the malicious code. Furthermore, we are also interested in how an impact is formulated, for the purpose of understanding hooking mechanism.

In addition, we need to know the actual arguments that are used to call this function. The function call and its argument list can give semantic information about how the hook and what kind of hook is registered. For example, if we identify that a malicious program calls SetWindowsHookEx to register a hook, we are able to tell from the first argument what type of hook is registered. For this type of implanting mechanism, the hook graph answers the following questions:

• What is the external function, including its entry address and its name?
