POW-HOW: An enduring timing side-channel to evade online malware sandboxes

@inproceedings{Nappa2021POWHOWAE,
  title={POW-HOW: An enduring timing side-channel to evade online malware sandboxes},
  author={Antonio Nappa and Panagiotis Papadopoulos and Matteo Varvello and Daniel Aceituno Gomez and Juan Est{\'e}vez Tapiador and Andrea Lanzi},
  booktitle={ESORICS},
  year={2021}
}
Online malware scanners are one of the best weapons in the arsenal of cybersecurity companies and researchers. A fundamental part of such systems is the sandbox that provides an instrumented and isolated environment (virtualized or emulated) for any user to upload and run unknown artifacts and identify potentially malicious behaviors. The provided API and the wealth of information in the reports produced by these services have also helped attackers test the efficacy of numerous techniques to… 
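The title names a proof-of-work based timing side-channel, and the abstract notes that sandboxes run samples in virtualized or emulated environments, which execute CPU-bound work more slowly than bare metal. The following is an added illustration of that general class of check, written for this page and not the authors' code: it runs a hashcash-style proof of work of fixed difficulty, times it, and flags the host as a likely sandbox when the run exceeds a multiple of an assumed bare-metal baseline. The difficulty, the baseline and the slowdown threshold are assumptions chosen for illustration, not values taken from the paper.

```python
import hashlib
import time


def proof_of_work(prefix: bytes, difficulty_bits: int) -> tuple[int, float]:
    """Hashcash-style search: find a nonce such that SHA-256(prefix || nonce)
    has at least `difficulty_bits` leading zero bits.

    The search is a known, fixed amount of CPU work, which is what makes its
    wall-clock duration usable as a timing signal. Returns (nonce, seconds)."""
    target = 1 << (256 - difficulty_bits)
    nonce = 0
    start = time.perf_counter()
    while True:
        digest = hashlib.sha256(prefix + nonce.to_bytes(8, "big")).digest()
        if int.from_bytes(digest, "big") < target:
            return nonce, time.perf_counter() - start
        nonce += 1


def verify_pow(prefix: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Check a solution with a single hash; finding it cost many hashes."""
    target = 1 << (256 - difficulty_bits)
    digest = hashlib.sha256(prefix + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") < target


def looks_like_sandbox(elapsed: float, baseline: float, slowdown: float = 4.0) -> bool:
    """Timing decision: the same work took more than `slowdown` times the
    duration measured on bare metal. `baseline` and `slowdown` are assumed
    calibration values for this illustration, not figures from the paper."""
    return elapsed > baseline * slowdown


def timing_probe(prefix: bytes = b"pow-how-probe", difficulty_bits: int = 12,
                 baseline: float = 0.05) -> dict:
    """Run the probe and report the raw numbers alongside the verdict.

    `difficulty_bits=12` means roughly 4096 hashes on average; the 0.05 s
    baseline is an assumed bare-metal figure and must be calibrated per CPU."""
    nonce, elapsed = proof_of_work(prefix, difficulty_bits)
    if not verify_pow(prefix, nonce, difficulty_bits):
        raise RuntimeError("proof-of-work solution failed self-check")
    return {
        "nonce": nonce,
        "elapsed_seconds": elapsed,
        "sandbox_suspected": looks_like_sandbox(elapsed, baseline),
    }


if __name__ == "__main__":
    print(timing_probe())
```

Two caveats for anyone using a probe like this in either direction. The measurement is wall-clock time, so scheduler contention on a loaded bare-metal host also inflates it, and the baseline has to be calibrated for the CPU class the sample expects; a single run with a fixed threshold is a noisy classifier. From the defender's side, the probe is a short, pure CPU burst with no I/O or API calls, which is itself a behaviour a sandbox can record and report.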
