A Dynamic Analysis Infrastructure for Privacy-Breaching Malware



Malicious programs spy on users' behavior and compromise their privacy. Even software from reputable vendors, such as Google Desktop and the Sony DRM media player, may perform undesirable actions. Unfortunately, existing techniques for detecting malware and analyzing unknown code samples are insufficient and have significant shortcomings. Signature-based detection, for example, cannot detect new malware, and watch-point-based behavioral detection can be evaded by stealthy malware design. Previously proposed information flow analysis mechanisms are too coarse-grained to capture malware behavior and fail to address kernel-level attacks.

We observe that malicious IAP (Information Access and Processing) behavior is the fundamental trait of numerous malware categories (including keyloggers, password thieves, network sniffers, stealth backdoors, spyware and rootkits), which separates these malicious applications from benign software. We propose a system, Panorama, to detect and analyze malware by capturing this fundamental trait.
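As an added illustration (not code from the Panorama project or this page), the following Python sketch shows the kind of fine-grained, system-wide information flow tracking the paragraph above describes: every byte entering the system from a sensitive source carries a label, the label travels with the data through copies and arithmetic, and a policy at the output sinks decides whether a flow is expected for that process. The event trace, process names, memory addresses and policy are all constructed for the example; the "keyboard" label and XOR encoding stand in for a keylogger's hook and obfuscation and are assumptions, not details taken from the page.

```python
"""Byte-level taint tracking over a constructed whole-system event trace.

Sensitive input bytes carry a label naming their source. Copies and
arithmetic propagate the label, so data that is obfuscated before leaving
the system is still recognised at the sink by where it came from, not by
what it looks like.
"""
from dataclasses import dataclass, field

# Constructed policy: (process, sink, source label) triples that are expected.
# The foreground editor saving typed text to a file is legitimate; any other
# process forwarding keyboard-derived bytes to a sink is reported.
ALLOWED_FLOWS = {
    ("notepad.exe", "file", "keyboard"),
}


@dataclass(frozen=True)
class TaintedByte:
    value: int
    labels: frozenset  # set of source labels this byte derives from


@dataclass
class Machine:
    mem: dict = field(default_factory=dict)      # address -> TaintedByte
    findings: list = field(default_factory=list)  # policy violations seen at sinks

    def read(self, addr, n):
        # Untracked memory is untainted (empty label set).
        return [self.mem.get(addr + i, TaintedByte(0, frozenset())) for i in range(n)]

    def source_event(self, source, addr, data):
        """Bytes arriving from a sensitive source are labelled with that source."""
        for i, b in enumerate(data):
            self.mem[addr + i] = TaintedByte(b, frozenset({source}))

    def copy(self, src, dst, n):
        """Memory-to-memory move: the labels travel with the data."""
        for i, tb in enumerate(self.read(src, n)):
            self.mem[dst + i] = TaintedByte(tb.value, tb.labels)

    def xor_encode(self, addr, n, key):
        """An arithmetic transform keeps the labels: the result still derives from the source."""
        for i, tb in enumerate(self.read(addr, n)):
            self.mem[addr + i] = TaintedByte(tb.value ^ key, tb.labels)

    def sink_event(self, process, sink, addr, n):
        """Data leaving through a sink is checked label by label against the policy."""
        data = self.read(addr, n)
        labels = frozenset().union(*(tb.labels for tb in data))
        disallowed = {lab for lab in labels if (process, sink, lab) not in ALLOWED_FLOWS}
        if disallowed:
            self.findings.append({
                "process": process,
                "sink": sink,
                "labels": disallowed,
                "bytes": bytes(tb.value for tb in data),
            })
        return disallowed


def run_trace():
    """Replay a constructed trace and return the policy violations it produces."""
    m = Machine()
    typed = b"passw0rd"  # constructed sample input
    # 1. The user types a password; the keyboard driver places it in a buffer.
    m.source_event("keyboard", 0x1000, typed)
    # 2. The editor copies it and saves the document: expected consumer and sink.
    m.copy(0x1000, 0x2000, len(typed))
    m.sink_event("notepad.exe", "file", 0x2000, len(typed))
    # 3. A second process reads the same buffer, obfuscates it and sends it out.
    m.copy(0x1000, 0x3000, len(typed))
    m.xor_encode(0x3000, len(typed), 0x5A)
    m.sink_event("sample.exe", "network", 0x3000, len(typed))
    # 4. The same process sends untainted data of its own: not reported.
    plain = b"GET / HTTP/1.0"
    for i, b in enumerate(plain):
        m.mem[0x4000 + i] = TaintedByte(b, frozenset())
    m.sink_event("sample.exe", "network", 0x4000, len(plain))
    return m.findings


if __name__ == "__main__":
    for f in run_trace():
        print(f"{f['process']} -> {f['sink']}: labels={sorted(f['labels'])} data={f['bytes']!r}")
```

Only the third event is reported, even though the bytes that reach the network no longer resemble the password: the decision rests on provenance rather than on matching the data against a known pattern, which is the distinction between this approach and a watch-point or signature check on the sink's contents.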


Capturing System-wide Information Flow for Malware Detection and Analysis
Heng Yin, Dawn Song, Manuel Egele, Christopher Kruegel, and Engin Kirda. To appear in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS'07), October 2007.

Dynamic Spyware Analysis
Manuel Egele, Christopher Kruegel, Engin Kirda, Heng Yin, and Dawn Song. Appeared in Proceedings of the USENIX Annual Technical Conference (USENIX'07), June 2007.
