A Categorical Treatment of Malicious Behavioral Obfuscation
نویسندگان
چکیده
This paper studies malicious behavioral obfuscation through the use of a new abstract model for process and kernel interactions based on monoidal categories. In this model, program observations are considered to be finite lists of system call invocations. In a first step, we show how malicious behaviors can be obfuscated by simulating the observations of benign programs. In a second step, we show how to generate such malicious behaviors through a technique called path replaying and we extend the class of captured malwares by using some algorithmic transformations on morphisms graphical representation. In a last step, we show that all the obfuscated versions we obtained can be used to detect well-known malwares in practice.
منابع مشابه
Analyzing new features of infected web content in detection of malicious web pages
Recent improvements in web standards and technologies enable the attackers to hide and obfuscate infectious codes with new methods and thus escaping the security filters. In this paper, we study the application of machine learning techniques in detecting malicious web pages. In order to detect malicious web pages, we propose and analyze a novel set of features including HTML, JavaScript (jQuery...
متن کاملASIC design protection against reverse engineering during the fabrication process using automatic netlist obfuscation design flow
Fab-less business model in semiconductor industry has led to serious concerns about trustworthy hardware. In untrusted foundries and manufacturing companies, submitted layout may be analyzed and reverse engineered to steal the information of a design or insert malicious Trojans. Understanding the netlist topology is the ultimate goal of the reverse engineering process. In this paper, we propose...
متن کاملStatic Analysis of Executables to Detect Malicious Patterns
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malicious code writers attempt to obfuscate the malicious code to subvert the malicious code ...
متن کاملCode Obfuscation Literature Survey
In this paper we survey the current literature on code obfuscation and review current practices as well as applications. We analyze the different obfuscation techniques in relation to protection of intellectual property and the hiding of malicious code. Surprisingly, the same techniques used to thwart reverse engineers are used to hide malicious code from virus scanners. Additionally, obfuscati...
متن کاملUSENIX Association Proceedings of the 12 th USENIX Security Symposium
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malicious code writers attempt to obfuscate the malicious code to subvert the malicious code ...
متن کامل