International Journal of Information Security

, Volume 14, Issue 3, pp 289–297

GPU-assisted malware

  • Giorgos Vasiliadis
  • Michalis Polychronakis
  • Sotiris Ioannidis
Regular Contribution

DOI: 10.1007/s10207-014-0262-9

Cite this article as:
Vasiliadis, G., Polychronakis, M. & Ioannidis, S. Int. J. Inf. Secur. (2015) 14: 289. doi:10.1007/s10207-014-0262-9

Abstract

Malware writers constantly seek new methods to increase the infection lifetime of their malicious software. To that end, techniques such as code unpacking and polymorphism have become the norm for hindering automated or manual malware analysis and evading virus scanners. In this paper, we demonstrate how malware can take advantage of the ubiquitous and powerful graphics processing unit (GPU) to increase its robustness against analysis and detection. We present the design and implementation of brute-force unpacking and runtime polymorphism, two code armoring techniques based on the general-purpose computing capabilities of modern graphics processors. By running part of the malicious code on a different processor architecture with ample computational power, these techniques pose significant challenges to existing malware detection and analysis systems, which are tailored to the analysis of CPU code. We also discuss how upcoming GPU features can be used to build even more robust and evasive malware, as well as directions for potential defenses against GPU-assisted malware.

Keywords

GPU Malware Evasion 

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Giorgos Vasiliadis
    • 1
  • Michalis Polychronakis
    • 2
  • Sotiris Ioannidis
    • 1
  1. 1.FORTHHeraklionGreece
  2. 2.Columbia UniversityNew YorkUSA

Personalised recommendations