HookFinder: Identifying and Understanding Malware Hooking Behaviors

Authors: Heng Yin, Zhenkai Liang, and Dawn Xiaodong Song
Installing various hooks into the victim system is an important attacking strategy used by malware, including spyware, rootkits, stealth backdoors, and others. In order to evade detection, malware writers are exploring new hooking mechanisms. For example, a stealth kernel backdoor, deepdoor, has been demonstrated to successfully evade all existing hook detectors. Unfortunately, the state of the art of malware analysis is painstaking, mostly manual and error-prone. In this paper, we propose…
This paper has 143 citations.

