Title :
Hard-Detours: A new technique for dynamic code analysis
Author :
El-Mal, A. Osama Abo ; Sobh, M. Ali ; Eldin, Ayman M. Bahaa
Author_Institution :
Comput. & Syst. Dept., Ain-Shams Univ. Cairo, Cairo, Egypt
Abstract :
Dynamic code analysis for malware detection has become the heart of modern security tools. Some researchers build on the Microsoft Detours system to perform dynamic analysis in the Windows environment. This paper reveals some weaknesses in the Microsoft Detours system. It introduces a mechanism (Anti-Detours) that escapes from the code analysis trap. The paper then proposes a new technique (Hard-Detours) to perform dynamic code analysis. It intercepts the communication between the application and the system. The interception mechanism depends on the nature of each system call, in order to resist detection, removal and bypassing techniques. The proposed technique is implemented for Windows 32-bit Portable Executables. Both analysis techniques are tested over a set of executables with and without the breaking mechanism.
Keywords :
invasive software; system monitoring; Microsoft Detours system; code analysis trap; dynamic code analysis; hard-detours; interception mechanism; malware detection; modern security tools; Computer crashes; Computers; Kernel; Libraries; Malware; Monitoring; API interception; Dynamic code analysis; Hard Detours; Microsoft Detours; code analysis
Conference_Title :
EUROCON, 2013 IEEE
Conference_Location :
Zagreb
Print_ISBN :
978-1-4673-2230-0
DOI :
10.1109/EUROCON.2013.6624964