Fast discovery of VM-sensitive divergence points with basic block comparison

Yen Ju Liu*, Chong Kuan Chen, Michael Cheng Yi Cho, Shiuhpyng Shieh

*Corresponding author for this work

Research output: Conference contribution › peer-reviewed

Abstract

To evade VM-based malware analysis systems, VM-aware malware that can detect the presence of a virtual machine has appeared. To cope with this problem, detecting VM-aware malware and locating its VM-sensitive divergence points are urgently needed. In this paper, we propose a novel block-based divergence locator. In contrast to conventional instruction-based schemes, the block-based divergence locator divides the malware program into basic blocks, rather than individual binary instructions, and uses them as the unit of analysis. This significantly decreases the cost of behavior logging and trace comparison, as well as the size of the behavior traces. In our evaluation, behavior logging is 23.87-39.49 times faster than the conventional schemes, and the total number of analysis units, which is closely related to the cost of trace comparison, is 11.95%-16.00% of that of the conventional schemes. Consequently, VM-sensitive divergence points can be discovered more efficiently. The correctness of our divergence point discovery algorithm is also proved formally in this paper.
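The abstract describes the block-based approach only at a high level. As an added illustration (not the authors' code, and not a reproduction of their algorithm or proof), the Python below applies the standard basic-block leader rule to a constructed toy program, records instruction-level and block-level traces for a bare-metal run and a VM run, and reports the block at which the two block-level traces diverge. The program listing, the `cpuid`/`cmp`/`jne` stand-in for a VM check, and every function name are assumptions made for this example; the trace-size reduction it prints is for this toy program only and is not the paper's measurement.

```python
"""Toy block-level divergence locator (added illustration, not the paper's code)."""
from typing import Dict, List, Optional, Sequence, Set, Tuple

Insn = Tuple[str, Optional[int]]  # (mnemonic, branch target or None)

# Constructed toy program, made up for this example. The cpuid/cmp/jne
# sequence stands in for a VM check whose outcome differs on a hypervisor.
PROGRAM: Dict[int, Insn] = {
    0x00: ("push", None),
    0x01: ("mov", None),
    0x02: ("cpuid", None),  # VM-sensitive instruction
    0x03: ("cmp", None),
    0x04: ("jne", 0x10),    # taken when the hypervisor bit is set
    0x05: ("call", 0x20),   # benign payload on bare metal
    0x06: ("jmp", 0x30),
    0x10: ("xor", None),    # evasion path on a VM
    0x11: ("jmp", 0x30),
    0x20: ("mov", None),
    0x21: ("add", None),
    0x22: ("ret", None),
    0x30: ("pop", None),
    0x31: ("ret", None),
}
BRANCHES = {"jmp", "jne", "call", "ret"}


def successors(program: Dict[int, Insn]) -> Dict[int, Optional[int]]:
    """Fall-through successor of each address (None after the last one)."""
    addrs = sorted(program)
    return {a: (addrs[i + 1] if i + 1 < len(addrs) else None) for i, a in enumerate(addrs)}


def basic_block_leaders(program: Dict[int, Insn]) -> Set[int]:
    """Standard leader rule: entry point, every branch target, every fall-through after a branch."""
    nxt = successors(program)
    leaders = {min(program)}
    for addr, (mnem, target) in program.items():
        if mnem in BRANCHES:
            leaders.update(t for t in (target, nxt[addr]) if t is not None)
    return leaders


def execute(program: Dict[int, Insn], vm_present: bool, max_steps: int = 1000) -> List[int]:
    """Tiny interpreter giving an instruction-level trace; only cpuid is VM-sensitive."""
    nxt = successors(program)
    pc: Optional[int] = min(program)
    stack: List[Optional[int]] = []
    hv, zf, trace = False, True, []
    while pc in program and len(trace) < max_steps:
        trace.append(pc)
        mnem, target = program[pc]
        if mnem == "cpuid":
            hv, pc = vm_present, nxt[pc]     # hypervisor-present bit
        elif mnem == "cmp":
            zf, pc = (not hv), nxt[pc]
        elif mnem == "jne":
            pc = target if not zf else nxt[pc]
        elif mnem == "jmp":
            pc = target
        elif mnem == "call":
            stack.append(nxt[pc])
            pc = target
        elif mnem == "ret":
            pc = stack.pop() if stack else None
        else:
            pc = nxt[pc]
    return trace


def block_trace(insn_trace: Sequence[int], leaders: Set[int]) -> List[int]:
    """Keep only block entries: the analysis unit is the basic block, not the instruction."""
    return [a for a in insn_trace if a in leaders]


def find_divergence(bare: Sequence[int], vm: Sequence[int]) -> Optional[Dict[str, Optional[int]]]:
    """First position where the two block traces differ; last_common is the divergence point."""
    i = next((k for k, (x, y) in enumerate(zip(bare, vm)) if x != y), min(len(bare), len(vm)))
    if i == len(bare) == len(vm):
        return None  # identical traces: no VM-sensitive behaviour observed
    return {"index": i, "last_common": bare[i - 1] if i else None,
            "bare_next": bare[i] if i < len(bare) else None,
            "vm_next": vm[i] if i < len(vm) else None}


def block_members(program: Dict[int, Insn], leaders: Set[int], leader: int) -> List[int]:
    """Instructions of the block starting at `leader`, for manual inspection."""
    nxt, members, a = successors(program), [], leader
    while a is not None and (a == leader or a not in leaders):
        members.append(a)
        a = nxt[a]
    return members


def locate(program: Dict[int, Insn] = PROGRAM) -> Dict[str, object]:
    """Run both environments, compare block traces, and name the divergence block."""
    leaders = basic_block_leaders(program)
    bare_insn, vm_insn = execute(program, False), execute(program, True)
    bare_blk, vm_blk = block_trace(bare_insn, leaders), block_trace(vm_insn, leaders)
    div = find_divergence(bare_blk, vm_blk)
    suspects = [program[a][0] for a in block_members(program, leaders, div["last_common"])] if div else []
    return {"insn_trace_len": (len(bare_insn), len(vm_insn)),
            "block_trace_len": (len(bare_blk), len(vm_blk)),
            "divergence": div, "suspect_insns": suspects}


if __name__ == "__main__":
    print(locate())
```

On the toy program the two block-level traces share only the entry block before splitting toward 0x05 (bare metal) and 0x10 (VM), so the divergence point is the entry block, and listing its instructions exposes the `cpuid` that an analyst would then examine. The block traces are shorter than the instruction traces because only block entries are logged, which is the source of the logging and comparison savings the abstract claims; the exact ratio here is a property of this toy listing.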

Original language: English
Title of host publication: Proceedings - 8th International Conference on Software Security and Reliability, SERE 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 196-205
Number of pages: 10
ISBN (Electronic): 9781479942961
DOIs
Publication status: Published - 1 Jan 2014
Event: 8th International Conference on Software Security and Reliability, SERE 2014 - San Francisco, United States
Duration: 30 Jun 2014 → 2 Jul 2014

Publication series

Name: Proceedings - 8th International Conference on Software Security and Reliability, SERE 2014

Conference

Conference: 8th International Conference on Software Security and Reliability, SERE 2014
Country/Territory: United States
City: San Francisco
Period: 30/06/14 → 2/07/14
