A Dynamic Analysis Infrastructure for Privacy-Breaching Malware
Malicious programs spy on users' behavior and compromise their
privacy. Even software from reputable vendors, such as Google
Desktop and the Sony DRM media player, may perform undesirable actions.
Unfortunately, existing techniques for detecting malware and
analyzing unknown code samples are insufficient and have significant
shortcomings. Signature-based detection, for example, cannot detect
new malware, and watch-point-based behavioral detection can be evaded
by stealthy malware design. Previously proposed information flow
analysis mechanisms are too coarse-grained to capture malware
behavior and fail to address kernel-level attacks.

We observe that malicious IAP (Information Access and Processing) behavior is
the fundamental trait of numerous malware categories (including keyloggers,
password thieves, network sniffers, stealth backdoors, spyware and rootkits),
and that it separates these malicious applications from benign software.
We propose a system, Panorama, that detects and analyzes malware by
capturing this fundamental trait: it tracks system-wide information flow,
labelling sensitive data where it enters the system and following it until
it reaches an untrusted consumer.
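The idea of tracking labelled data from a source to a sink, shown as an added illustration that is not Panorama's own code (Panorama does this system-wide, below the OS; here a constructed instruction trace stands in for the real execution): the process names, register names, addresses and the `propagate`/`detect` helpers are all assumptions for this toy.

```python
# Added, illustrative example (not Panorama's implementation): a toy taint tracker
# over a constructed instruction trace. Keystrokes are labelled at their source,
# the label follows the data through registers, memory and arithmetic, and a
# report is produced when labelled data reaches a sink (network send, file write).

def propagate(trace):
    """Replay (process, op, dst, *srcs) tuples; return sink events that consumed
    tainted data as (process, sink, sorted labels). `labels` maps a location
    (register name or memory address, both strings) to its taint-label set."""
    labels, events = {}, []

    def taint(loc):
        return labels.get(loc, set())

    for proc, op, dst, *srcs in trace:
        if op == "read_keyboard":                  # taint source: user keystrokes
            labels[dst] = {"keyboard"}
        elif op == "const":                        # immediate value, untainted
            labels[dst] = set()
        elif op in ("mov", "load", "store", "add", "xor"):
            # data flow: destination inherits the union of its sources' labels
            labels[dst] = set().union(*(taint(s) for s in srcs))
        elif op in ("send", "write_file"):         # sinks: data leaves the process
            if taint(dst):
                events.append((proc, op, sorted(taint(dst))))
    return events

def detect(trace, allowed):
    """Keep sink events from processes the analyst does not expect to consume
    keyboard data (e.g. everything except the foreground editor)."""
    return [e for e in propagate(trace) if e[0] not in allowed]

# Constructed trace: an editor saves typed text to the user's own file, while a
# keylogger reads the same keystrokes, XORs them with a constant (a common
# obfuscation) and sends them out. XOR with a constant does not clear the label,
# so the encoded bytes are still tracked to the send() sink.
TRACE = [
    ("editor",    "read_keyboard", "r0"),
    ("editor",    "store",         "0x1000", "r0"),
    ("editor",    "write_file",    "0x1000"),
    ("keylogger", "read_keyboard", "r5"),
    ("keylogger", "const",         "r6"),
    ("keylogger", "xor",           "r5", "r5", "r6"),
    ("keylogger", "store",         "0x2000", "r5"),
    ("keylogger", "send",          "0x2000"),
]

if __name__ == "__main__":
    print(detect(TRACE, allowed={"editor"}))    # [('keylogger', 'send', ['keyboard'])]
```

The toy only follows explicit data flow; flows carried through control dependencies (branching on a tainted byte and emitting constants) are not labelled here, which is the classic gap a real system has to account for.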
- Capturing System-wide Information Flow for Malware Detection and Analysis
- Heng Yin, Dawn Song, Manuel Egele, Christopher Kruegel, and Engin Kirda.
To appear in Proceedings of the 14th ACM Conference on Computer and
Communications Security (CCS'07), October 2007.
- Dynamic Spyware Analysis
- Manuel Egele, Christopher Kruegel, Engin Kirda, Heng Yin, and Dawn Song.
Appeared in Proceedings of the USENIX Annual Technical Conference
(USENIX'07), June 2007.