DocumentCode :
2898147
Title :
Malware Behavior Capturing Based on Taint Propagation and Stack Backtracing
Author :
Jianming, Fu ; Xinwen, Liu ; Binling, Cheng
Author_Institution :
Wuhan Univ., Wuhan, China
fYear :
2011
fDate :
16-18 Nov. 2011
Firstpage :
328
Lastpage :
335
Abstract :
Although dynamic analysis is immune to polymorphic, metamorphic, and encryption techniques, how to precisely capture the behavior of malware remains an open issue. A connection between a system call and its module has been constructed using taint propagation and stack backtracing, and a method of capturing malware behavior is presented on the basis of this connection. This method works well on parasitic malware, and the analysis results are more concise. Finally, a prototype Module-based Analysis Tool (MAT) has been implemented on Windows XP. The experimental results show that MAT can capture the behaviors of most kinds of malware well and locate the real malicious module, which is very useful for removing malware.
Keywords :
invasive software; MAT; Windows XP; encryption techniques; malware behavior capturing; metamorphic techniques; prototype module-based analysis tool; stack backtracing; taint propagation; Kernel; Malware; Monitoring; Registers; dynamic analysis; malware; module monitor; stack backtracing; taint propagation;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on
Conference_Location :
Changsha
Print_ISBN :
978-1-4577-2135-9
Type :
conf
DOI :
10.1109/TrustCom.2011.43
Filename :
6120836