Learn More
Active wardens have been an area of postulation in the community for nearly two decades, but to date there have been no published implementations that can be used to stop steganography as it transits networks. In this paper we examine the techniques and challenges of a high-bandwidth, unattended, real-time, active warden in the context of a network(More)
We introduce a novel malware detection algorithm based on the analysis of graphs that are constructed from dynamically collected instruction traces of the target executable. These graphs represent Markov chains, where the vertices are the instructions and the transition probabilities are estimated by the data contained in the trace. We use a combination of(More)
Modern malware protection systems bring an especially difficult problem to antivirus scanners. Simple obfuscation methods can diminish the effectiveness of a scanner significantly, often times rendering them completely ineffective. This paper outlines the usage of a hypervisor based deobfuscation engine that greatly improves the effectiveness of existing(More)
SFI Working Papers contain accounts of scienti5ic work of the author(s) and do not necessarily represent the views of the Santa Fe Institute. We accept papers intended for publication in peer-­‐reviewed journals or proceedings volumes, but not papers that have already appeared in print. Except for papers by our external faculty, papers must be based on work(More)