Title :
Server-side dynamic code analysis
Author :
Guizani, Wadie ; Marion, Jean-Yves ; Reynaud-Plantey, Daniel
Author_Institution :
LORIA, Nancy Univ., Vandoeuvre-les-Nancy, France
Abstract :
The common use of packers is a real challenge for the anti-virus community. Indeed, a static signature analysis can usually only detect and sometimes remove known packers if a specific unpacking routine has been programmed manually. Generic unpacking does not solve the problem due to its limited effectiveness. Additionally, the important number of binaries to scan on a daily basis makes automated analysis necessary in order to protect information systems. In this context, we propose a taxonomy of self-modifying behaviors, a generic method to detect them in potentially malicious samples and a scalable architecture for the distributed analysis of a high volume of binaries.
Keywords :
digital signatures; information systems; antivirus community; distributed analysis; generic unpacking; information system protection; server-side dynamic code analysis; static signature analysis; Computer architecture; Information analysis; Information systems; Instruments; Protection; Prototypes; Taxonomy; Testing; Virtual machining; Virtual prototyping
Conference_Title :
Malicious and Unwanted Software (MALWARE), 2009 4th International Conference on
Conference_Location :
Montreal, QC
Print_ISBN :
978-1-4244-5786-1
DOI :
10.1109/MALWARE.2009.5403017