Abstract
In this book, we sought to capture the intrinsic characteristics of malicious behavior in order to build more effective automatic malware analysis systems. We proposed TEMU as a dynamic binary analysis platform. On top of TEMU, we then proposed and built a series of novel techniques for automatic malware analysis, including Renovo, Panorama, HookFinder, and MineSweeper, each detecting and analyzing a different aspect of malware. Because these techniques capture intrinsic characteristics of malware, they are well suited to new malware samples and attack mechanisms. We also systematically discussed several fundamental limitations of the proposed techniques. More concretely, although our analysis platform is better suited to analyzing malicious code than conventional tools (e.g., a debugger or disassembler), malware authors may still find ways to detect and evade it. Moreover, an open problem for dynamic analysis is its limited test coverage: a single run exercises only one path through the sample. Finally, dynamic taint analysis, the core analysis technique, has several limitations, including taint explosion and implicit information flow. These discussions point to future directions for automatic malware analysis.
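The two taint-analysis limitations named above, implicit information flow and taint explosion, are easiest to see on a toy byte-level shadow-memory tracker. The block below is an added example written for this page; it is not code from the book or from TEMU. The addresses, the "net" taint label, the lookup table and the config struct are all constructed for the illustration. It shows (1) a control-dependent copy that delivers the input bit to the output with no taint attached, and (2) the pointer-tainting trade-off: without it, tainted bytes translated through an untainted table come out clean (under-tainting); with it, trusted data read through an attacker-derived base pointer is all marked tainted (over-tainting, the explosion).

```python
from dataclasses import dataclass, field


@dataclass
class TaintMachine:
    """Byte-granular shadow memory. mem maps address -> value; shadow maps
    address -> set of taint labels (absent key means untainted).
    Constructed for illustration; not the book's tracker."""
    pointer_tainting: bool = False
    mem: dict = field(default_factory=dict)
    shadow: dict = field(default_factory=dict)

    def write(self, addr, value, labels=frozenset()):
        self.mem[addr] = value
        if labels:
            self.shadow[addr] = set(labels)
        else:
            self.shadow.pop(addr, None)

    def read(self, addr):
        return self.mem.get(addr, 0), set(self.shadow.get(addr, ()))

    def load_indirect(self, dst, ptr_addr, offset=0):
        """dst <- mem[mem[ptr_addr] + offset]. Explicit data flow always carries
        the loaded value's taint; pointer tainting additionally carries the
        taint of the address used for the dereference."""
        ptr, ptr_labels = self.read(ptr_addr)
        val, val_labels = self.read(ptr + offset)
        labels = val_labels | (ptr_labels if self.pointer_tainting else set())
        self.write(dst, val, labels)

    def branch_copy(self, dst, src):
        """Emulates 'dst = 1 if mem[src] else 0'. dst is fully determined by
        src, but each path stores a constant, so an explicit-flow tracker
        attaches no taint to dst: an implicit (control-dependent) flow."""
        v, _ = self.read(src)
        self.write(dst, 1 if v else 0)  # constant store, no labels propagated

    def tainted_in(self, lo, hi):
        return sum(1 for a in self.shadow if lo <= a < hi)


# Constructed layout: network input, an untainted translation table,
# an output buffer and a pointer cell.
INPUT, TABLE, OUT, PTR, CONFIG = 0x1000, 0x2000, 0x3000, 0x4000, 0x5000


def implicit_flow_demo():
    """Returns (value, labels) of OUT after a control-dependent copy of a
    tainted input bit. The bit arrives, the taint does not."""
    m = TaintMachine()
    m.write(INPUT, 1, {"net"})
    m.branch_copy(OUT, INPUT)
    return m.read(OUT)


def table_lookup_demo(pointer_tainting):
    """Translate tainted input bytes through an untainted 256-entry table
    (think ASCII-to-Unicode). Returns the number of tainted output bytes."""
    m = TaintMachine(pointer_tainting)
    for i in range(256):
        m.write(TABLE + i, (i + 1) & 0xFF)  # trusted table contents
    data = b"GET "  # constructed input
    for i, b in enumerate(data):
        m.write(INPUT + i, b, {"net"})
    for i in range(len(data)):
        # idx = TABLE + input[i]: an add of tainted and constant operands,
        # so explicit propagation keeps the index tainted.
        m.write(PTR, TABLE + m.mem[INPUT + i], m.shadow[INPUT + i])
        m.load_indirect(OUT + i, PTR)
    return m.tainted_in(OUT, OUT + len(data))


def explosion_demo(pointer_tainting, n_fields=32):
    """A parser copies a trusted config struct through a base pointer whose
    value came from the network (e.g. an offset in a file header).
    Returns the number of tainted bytes among the copied fields."""
    m = TaintMachine(pointer_tainting)
    for i in range(n_fields):
        m.write(CONFIG + i, i)         # untainted, trusted data
    m.write(PTR, CONFIG, {"net"})      # the pointer value is attacker-derived
    for i in range(n_fields):
        m.load_indirect(OUT + i, PTR, offset=i)
    return m.tainted_in(OUT, OUT + n_fields)


if __name__ == "__main__":
    print("implicit flow:", implicit_flow_demo())
    print("table lookup, pointer tainting off/on:",
          table_lookup_demo(False), table_lookup_demo(True))
    print("struct via tainted pointer, off/on:",
          explosion_demo(False), explosion_demo(True))
```

Running it shows the dilemma a real tracker faces: turning pointer tainting off makes the translated request bytes look clean, turning it on taints every byte of the trusted struct, and neither setting recovers the bit leaked through the branch. Fixing the first two requires policies more selective than a global switch; fixing the third requires control-dependency tracking, which is what makes implicit flow an open problem rather than a bug.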
Copyright information
© 2013 The Author(s)
Cite this chapter
Yin, H., Song, D. (2013). Concluding Remarks. In: Automatic Malware Analysis. SpringerBriefs in Computer Science. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-5523-3_7
DOI: https://doi.org/10.1007/978-1-4614-5523-3_7
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-5522-6
Online ISBN: 978-1-4614-5523-3