Filho, Ailton Santos; Rodríguez, Ricardo J; Feitosa, Eduardo L
Reducing the Attack Surface of Dynamic Binary Instrumentation Frameworks (Proceedings Article)
In: Developments and Advances in Defense and Security, pp. 3–13, Springer Singapore, Singapore, 2020, ISBN: 978-981-13-9155-2.
@inproceedings{SRF-MICRADS-19,
title = {Reducing the Attack Surface of Dynamic Binary Instrumentation Frameworks},
author = {Ailton Santos Filho and Ricardo J Rodríguez and Eduardo L Feitosa},
url = {http://webdiis.unizar.es/~ricardo/files/papers/SRF-MICRADS-19.pdf},
doi = {10.1007/978-981-13-9155-2_1},
isbn = {978-981-13-9155-2},
year = {2020},
date = {2020-01-01},
booktitle = {Developments and Advances in Defense and Security},
volume = {152},
pages = {3--13},
publisher = {Springer Singapore},
address = {Singapore},
abstract = {Malicious applications are one of the most relevant issues in today's technology landscape, being considered the root of many Internet security threats. In part, this is due to the ability of malware developers to promptly respond to the emergence of new security solutions by developing artifacts to detect and evade them. In this work, we present three countermeasures to mitigate recent mechanisms used by malware to detect analysis environments. Among these techniques, this work focuses on those that enable malware to detect dynamic binary instrumentation frameworks, thus increasing the attack surface of such frameworks. To ensure the effectiveness of the proposed countermeasures, proofs of concept were developed and tested in a controlled environment against a set of anti-instrumentation techniques. Finally, we evaluated the performance impact of using such countermeasures.},
keywords = {Analysis-aware malware, Anti-analysis, Anti-instrumentation, Dynamic binary instrumentation},
pubstate = {published},
tppubtype = {inproceedings}
}