FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2908233611> ?p ?o ?g. }

• W2908233611 abstract "Run-time packers are widely used by malware writers in order to hinder reverse engineering and automated analysis. These tools consist in the encryption of the original program, which is restored at runtime and afterwards executed. When these tools became popular for malware protection, the research community focused the efforts on the detection and generic unpacking of this type of obfuscations. Researchers quickly shifted their attention to other problems in this domain. The current malware landscape evidences that the problem is not yet completely solved. Malware authors keep protecting their samples with run-time packers and available on-line malware analysis services do not provide any information about the packer used for protection beyond the result provided by signature-based detection methods. Malware writers typically scramble well-known versions of packers or implement their own custom unpackers. The fact that malware writers still make an effort to implement these techniques highlights that they are still effective to protect binaries.In this dissertation we combine different static techniques for packed binary classification. First, we propose the use of structural features extracted from Portable Executable files in order to discriminate packed from non-packed binaries, and study the performance differences among several feature-sets for this classification task. In this context, we also propose the application of anomaly detection under the intuition that common compilers produce binaries following standards and conventions, making the set of non-packed binaries easier to model than packed binaries.Second, although the research community has published successful solutions to generically unpack malware, this technique is still employed to protect samples. Following this idea, we raise a series of questions: What is the actual complexity of current run-time packers? Do these packers violate the assumptions made by previous approaches? What has been the evolution of the packer landscape over the years? In order to answer these questions we focus on studying the structural complexity of run-time packers. To this aim we design and develop a complete framework based on a dynamic analysis platform to record and analyse many different system events related to run-time packer behaviour. Moreover, we propose a taxonomy that combines several dimensions of complexity into one single score. This framework allowed us to perform the first longitudinal study on run-time packer complexity over custom-packed binaries, collected by the Anubis on-line sandbox since 2007.Finally, we focus on the technical challenges and limitations involved to apply multi-path exploration to the unpacking domain. It is well-known that multi-path exploration presents severe limitations for the analysis of highly obfuscated software and does not scale to large programs. In order to unpack binaries that partially reveal their code on demand (the most complex type of packer represented in our taxonomy), the first solution that comes to mind is multi-path exploration. Our research describes some of these limitations and proposes a set of domain-specific optimisations and a heuristic that combined together improve the feasibility of multi-path exploration for unpacking." @default.
• W2908233611 created "2019-01-11" @default.
• W2908233611 creator A5044345743 @default.
• W2908233611 date "2015-01-01" @default.
• W2908233611 modified "2023-09-26" @default.
• W2908233611 title "New perspectives in classification, complexity analysis and unpacking of run-time packers" @default.
• W2908233611 hasPublicationYear "2015" @default.
• W2908233611 type Work @default.
• W2908233611 sameAs 2908233611 @default.
• W2908233611 citedByCount "0" @default.
• W2908233611 crossrefType "journal-article" @default.
• W2908233611 hasAuthorship W2908233611A5044345743 @default.
• W2908233611 hasConcept C138885662 @default.
• W2908233611 hasConcept C160145156 @default.
• W2908233611 hasConcept C187191949 @default.
• W2908233611 hasConcept C199360897 @default.
• W2908233611 hasConcept C2777256151 @default.
• W2908233611 hasConcept C2779395397 @default.
• W2908233611 hasConcept C38652104 @default.
• W2908233611 hasConcept C41008148 @default.
• W2908233611 hasConcept C41895202 @default.
• W2908233611 hasConcept C541664917 @default.
• W2908233611 hasConcept C84525096 @default.
• W2908233611 hasConceptScore W2908233611C138885662 @default.
• W2908233611 hasConceptScore W2908233611C160145156 @default.
• W2908233611 hasConceptScore W2908233611C187191949 @default.
• W2908233611 hasConceptScore W2908233611C199360897 @default.
• W2908233611 hasConceptScore W2908233611C2777256151 @default.
• W2908233611 hasConceptScore W2908233611C2779395397 @default.
• W2908233611 hasConceptScore W2908233611C38652104 @default.
• W2908233611 hasConceptScore W2908233611C41008148 @default.
• W2908233611 hasConceptScore W2908233611C41895202 @default.
• W2908233611 hasConceptScore W2908233611C541664917 @default.
• W2908233611 hasConceptScore W2908233611C84525096 @default.
• W2908233611 hasLocation W29082336111 @default.
• W2908233611 hasOpenAccess W2908233611 @default.
• W2908233611 hasPrimaryLocation W29082336111 @default.
• W2908233611 hasRelatedWork W2014971823 @default.
• W2908233611 hasRelatedWork W2057887498 @default.
• W2908233611 hasRelatedWork W2107149787 @default.
• W2908233611 hasRelatedWork W2138788987 @default.
• W2908233611 hasRelatedWork W2186876923 @default.
• W2908233611 hasRelatedWork W2272202644 @default.
• W2908233611 hasRelatedWork W2517321897 @default.
• W2908233611 hasRelatedWork W2518873817 @default.
• W2908233611 hasRelatedWork W2526521048 @default.
• W2908233611 hasRelatedWork W2553397255 @default.
• W2908233611 hasRelatedWork W2762611631 @default.
• W2908233611 hasRelatedWork W2767376540 @default.
• W2908233611 hasRelatedWork W2770216013 @default.
• W2908233611 hasRelatedWork W2777043911 @default.
• W2908233611 hasRelatedWork W2903431435 @default.
• W2908233611 hasRelatedWork W2912468286 @default.
• W2908233611 hasRelatedWork W2956125792 @default.
• W2908233611 hasRelatedWork W2979737462 @default.
• W2908233611 hasRelatedWork W3004906168 @default.
• W2908233611 hasRelatedWork W2099477770 @default.
• W2908233611 isParatext "false" @default.
• W2908233611 isRetracted "false" @default.
• W2908233611 magId "2908233611" @default.
• W2908233611 workType "article" @default.