On Fingerprinting of Public Malware Analysis Services
Logic Journal of the IGPL (IF 0.6), Pub Date: 2019-12-07, DOI: 10.1093/jigpal/jzz050
Alvaro Botas 1, Ricardo J Rodríguez 2, Vicente Matellan 1, Juan F Garcia 1, M T Trobajo 1, Miguel V Carriegos 1

Automatic public malware analysis services (PMAS, e.g. VirusTotal, Jotti or ClamAV, to name a few) provide controlled, isolated and virtual environments to analyse malicious software (malware) samples. Unfortunately, malware now incorporates techniques to recognize execution in a virtual or sandbox environment; when an analysis environment is detected, malware behaves as a benign application or even shows no activity. In this work, we present an empirical study and characterization of automatic PMAS, considering 26 different services. We also show a set of features that allow these services to be easily fingerprinted as analysis environments; the lower the unlikeability of these features, the easier it is for us (and thus for malware) to fingerprint the analysis service they belong to. Finally, we propose a method for these analysis services to counter or at least mitigate our proposal.

Updated: 2019-12-07