Skip to search formSkip to main contentSkip to account menu

Secure in-VM monitoring using hardware virtualization

This paper presents Secure In-VM Monitoring (SIM), a general-purpose framework that enables security monitoring applications to be placed back in the untrusted guest VM for efficiency without sacrificing the security guarantees provided by running them outside of the VM.
View on ACM (opens in a new tab)

Automatic Reverse Engineering of Malware Emulators

The first work in automatic reverse engineering of malware emulators is presented, which accurately reveals the syntax and semantics of emulated instruction sets and reconstructs execution paths of original programs from their bytecode representations.
View on IEEE (opens in a new tab)

G-Free: defeating return-oriented programming through gadget-less binaries

G-Free is presented, a compiler-based approach that represents the first practical solution against any possible form of ROP, and is able to eliminate all unaligned free-branch instructions inside a binary executable, and to protect the aligned free-Branch instructions to prevent them from being misused by an attacker.
View on ACM (opens in a new tab)

A quantitative study of accuracy in system call-based malware detection

This paper presents a systematic approach to measure how the choice of behavioral models influences the quality of a malware detector, and suggests that accuracy is non-linear across the model space, and that analytical reasoning is insufficient for finding an optimal model, and has to be supplemented by testing and empirical measurements.
View on ACM (opens in a new tab)

PeerRush: Mining for unwanted P2P traffic

View via Publisher (opens in a new tab)

Classification of packed executables for accurate computer virus detection

View via Publisher (opens in a new tab)

AccessMiner: using system-centric models for malware protection

The system-centric approach models the way in which benign programs access OS resources (such as files and registry entries) and raises very few (even zero) false positives while being able to detect a significant fraction of today's malware.
View on ACM (opens in a new tab)

McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables

A fast statistical malware detection tool that is intended to improve the scalability of existing malware collection and analysis approaches, McBoost reduces the overall time of analysis by classifying and filtering out the least suspicious binaries and passing only the most suspicious ones to a detailed binary analysis process for signature extraction.
View on IEEE (opens in a new tab)

Diversified Process Replicæ for Defeating Memory Error Exploits

This work defines pr as the replica of a process p which behaves identically to p but has some "structural" diversity from it, thus defeating absolute and partial overwriting memory error exploits and making possible to detect memory corruption attacks in a deterministic way.
View on IEEE (opens in a new tab)

Impeding Malware Analysis Using Conditional Code Obfuscation

This work has implemented a compiler-level tool that takes a malware source program and automatically generates an obfuscated binary and provides insight into the strengths, weaknesses, and possible ways to strengthen current analysis approaches in order to defeat this malware obfuscation technique.
View Paper (opens in a new tab)
...
By clicking accept or continuing to use the site, you agree to the terms outlined in our Privacy Policy (opens in a new tab), Terms of Service (opens in a new tab), and Dataset License (opens in a new tab)