• DocumentCode
    2898147
  • Title
    Malware Behavior Capturing Based on Taint Propagation and Stack Backtracing
  • Author
    Jianming, Fu ; Xinwen, Liu ; Binling, Cheng
  • Author_Institution
    Wuhan Univ., Wuhan, China
  • fYear
    2011
  • fDate
    16-18 Nov. 2011
  • Firstpage
    328
  • Lastpage
    335
  • Abstract
    Although dynamic analysis is immune to polymorphic, metamorphic, and encryption techniques, precisely capturing the behavior of malware remains an open issue. A connection between a system call and the module that issued it is constructed using taint propagation and stack backtracing, and a method for capturing malware behavior is presented on the basis of this connection. The method works well on parasitic malware and yields more concise analysis results. Finally, a prototype Module-based Analysis Tool (MAT) has been implemented on Windows XP. The experimental results show that MAT captures the behavior of most kinds of malware well and locates the real malicious module, which is very useful for malware removal.
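    The abstract describes the core idea only in outline: taint the malware's own image, follow the taint through every write it performs, and at each system call walk the return addresses on the stack until a frame lands in tainted code, so that the call is charged to the module that really issued it rather than to the benign host it hides in. The following Python is an added illustration of that principle and is not code from the MAT prototype or the paper. It assumes a simplified monitor that sees every cross-memory write and the return-address chain at each system call; the module names, base addresses, return addresses and the write events are constructed sample data.

```python
"""Attribute a system call to the module that issued it: taint propagation
plus a stack walk. Added example; simplified model, all addresses invented."""
from dataclasses import dataclass, field
from typing import Optional

# Libraries that only forward the call into the kernel; a frame inside them
# says nothing about who asked for the system call.
SYSTEM_MODULES = {"ntdll.dll", "kernel32.dll"}


@dataclass
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass
class Attribution:
    module: str            # module holding the frame the call is charged to
    source: Optional[str]  # root of the taint chain, or None if clean
    malicious: bool


@dataclass
class Process:
    modules: list
    # Tainted byte ranges as (start, end, root source module).
    taint: list = field(default_factory=list)

    def module_at(self, addr: int) -> Optional[Module]:
        for m in self.modules:
            if m.contains(addr):
                return m
        return None

    def taint_range(self, start: int, size: int, source: str) -> None:
        self.taint.append((start, start + size, source))

    def taint_source(self, addr: int) -> Optional[str]:
        for start, end, source in self.taint:
            if start <= addr < end:
                return source
        return None

    def record_write(self, writer_pc: int, dest: int, size: int) -> None:
        """Propagation rule: bytes written by tainted code inherit its root
        source, so a patch into host.dll or shellcode on the heap stays
        linked to the malware image that ultimately produced it."""
        source = self.taint_source(writer_pc)
        if source is not None:
            self.taint_range(dest, size, source)

    def attribute(self, return_addrs: list) -> Attribution:
        """Stack backtrace, innermost frame first.

        Any tainted frame on the stack means malware drove the call, even
        when it went through untouched host code on the way; the innermost
        tainted frame names the code that actually did it. With no taint,
        the innermost frame outside the system libraries owns the behaviour.
        """
        for addr in return_addrs:
            source = self.taint_source(addr)
            if source is not None:
                mod = self.module_at(addr)
                return Attribution(mod.name if mod else "<unmapped>", source, True)
        for addr in return_addrs:
            mod = self.module_at(addr)
            if mod is not None and mod.name not in SYSTEM_MODULES:
                return Attribution(mod.name, None, False)
        return Attribution("<unknown>", None, False)


def build_sample_process() -> Process:
    """Constructed sample: the malware image, one benign DLL it will infect,
    and the two Windows XP system libraries every call passes through."""
    p = Process(modules=[
        Module("malware.exe",  0x00400000, 0x00010000),
        Module("host.dll",     0x10000000, 0x00020000),
        Module("kernel32.dll", 0x7C800000, 0x000F6000),
        Module("ntdll.dll",    0x7C900000, 0x000B0000),
    ])
    p.taint_range(0x00400000, 0x00010000, "malware.exe")  # the taint root
    return p


if __name__ == "__main__":
    p = build_sample_process()
    NTDLL_STUB, K32_THUNK = 0x7C90D0AE, 0x7C801A24
    print(p.attribute([NTDLL_STUB, K32_THUNK, 0x10001234]))   # clean host.dll
    p.record_write(0x00401000, 0x10005000, 0x200)              # malware patches host.dll
    print(p.attribute([NTDLL_STUB, K32_THUNK, 0x10005040]))   # host.dll, source malware.exe
    p.record_write(0x10005040, 0x00350000, 0x100)              # patched code drops shellcode on heap
    print(p.attribute([NTDLL_STUB, K32_THUNK, 0x10001234, 0x00350010]))  # <unmapped>, source malware.exe
```

    The last call shows why the taint walk must inspect the whole stack rather than stop at the first non-system frame: the shellcode on the heap called a legitimate host.dll routine, which in turn reached kernel32 and ntdll, so a plain "first user-land frame" heuristic would have blamed host.dll and missed the parasite. Real monitors also have to deal with frames that lack return addresses (frame-pointer omission, hand-written shellcode that never pushes one), which this toy model ignores.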
  • Keywords
    invasive software; MAT; Windows XP; encryption techniques; malware behavior capturing; metamorphic techniques; prototype module-based analysis tool; stack backtracing; taint propagation; Kernel; Malware; Monitoring; Registers; dynamic analysis; malware; module monitor; stack backtracing; taint propagation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
  • Conference_Location
    Changsha
  • Print_ISBN
    978-1-4577-2135-9
  • Type
    conf
  • DOI
    10.1109/TrustCom.2011.43
  • Filename
    6120836