• Computer Science
  • Published in NDSS 2008

Impeding Malware Analysis Using Conditional Code Obfuscation

@inproceedings{Sharif2008ImpedingMA,
  title={Impeding Malware Analysis Using Conditional Code Obfuscation},
  author={Monirul I. Sharif and Andrea Lanzi and Jonathon T. Giffin and Wenke Lee},
  booktitle={NDSS},
  year={2008}
}
Malware programs that incorporate trigger-based behavior initiate malicious activities based on conditions satisfied only by specific inputs. State-of-the-art malware analyzers discover code guarded by triggers via multiple path exploration, symbolic execution, or forced conditional execution, all without knowing the trigger inputs. We present a malware obfuscation technique that automatically conceals specific trigger-based behavior from these malware analyzers. Our technique automatically…

Citations

Publications citing this paper.
SHOWING 1-10 OF 164 CITATIONS

Automatic Deobfuscation and Reverse Engineering of Obfuscated Code

Integrated Software Fingerprinting via Neural-Network-Based Control Flow Obfuscation

Symbolic Execution of Obfuscated Code

Linear Obfuscation to Combat Symbolic Execution

GoldRusher: A miner for rapid identification of hidden code

  • Aleieldin Salem
  • Computer Science
  • 2018 IEEE 25th International Conference on Software Analysis, Evolution and Reengineering (SANER)
  • 2018
Leveraging Information Asymmetry to Transform Android Apps into Self-Defending Code Against Repackaging Attacks

CITATION STATISTICS

  • 12 Highly Influenced Citations

  • Averaged 18 Citations per year from 2017 through 2019

  • 7% Increase in citations per year in 2019 over 2018
