Steganography for Executables and Code Transformation Signatures
نویسندگان
چکیده
Steganography embeds a secret message in an innocuous cover-object. This paper identifies three cover-specific redundancies of executable programs and presents steganographic techniques to exploit these redundancies. A general framework to evaluate the stealth of the proposed techniques is introduced and applied on an implementation for the IA-32 architecture. This evaluation proves that, whereas existing tools such as Hydan [1] are insecure, significant encoding rates can in fact be achieved at a high security level.
منابع مشابه
NewApproach for Detecting Unknown Malicious Executables
Detection of malicious executables that are known beforehand is usually performed using signature-based techniques. These techniques typically rely on the prior explicit knowledge of the malicious executable code, which is in turn is represented by one or more signatures or rules that are stored in a database. The database is frequently updated with new signatures, based on new observations. Th...
متن کاملSteganography Scheme Based on Reed-Muller Code with Improving Payload and Ability to Retrieval of Destroyed Data for Digital Images
In this paper, a new steganography scheme with high embedding payload and good visual quality is presented. Before embedding process, secret information is encoded as block using Reed-Muller error correction code. After data encoding and embedding into the low-order bits of host image, modulus function is used to increase visual quality of stego image. Since the proposed method is able to embed...
متن کاملSteganography for Executables
Steganography embeds a secret message in a seemingly innocuous cover-object. This paper presents a framework for steganography with executables as cover-objects built on top of an existing binary rewriter. Executables differ significantly from previously explored coverobjects, we thus first identify the cover-specific redundancies that can be used to embed a secret message. Techniques are then ...
متن کاملPE-Probe: Leveraging Packer Detection and Structural Information to Detect Malicious Portable Executables
The number of executable malware and the sophistication of their destructive ability has exponentially increased in past couple of years. Malware writers use sophisticated code obfuscation and encryption (a.k.a. packing) techniques to circumvent signatures – derived from the code of the malware for detection – stored in the signatures’ database of commercial off-the-shelf anti-virus software. I...
متن کاملAn Architecture for Kernel-Level Verification of Executables at Run Time
Digital signatures have been proposed by several researchers as a way of preventing execution of malicious code. In this paper we propose a general architecture for performing the signature verification as part of the kernel execution process. The proposed architecture does not require any change in the interpreters used to execute code and it can accommodate any executable format. We also repo...
متن کامل