
2018 | OriginalPaper | Chapter

Empirical Study to Fingerprint Public Malware Analysis Services

Authors: Álvaro Botas, Ricardo J. Rodríguez, Vicente Matellán, Juan F. García

Published in: International Joint Conference SOCO’17-CISIS’17-ICEUTE’17 León, Spain, September 6–8, 2017, Proceedings

Publisher: Springer International Publishing


Abstract

The evolution of malicious software (malware) analysis tools has provided controlled, isolated, and virtual environments in which to analyze malware samples. Several services on the Internet offer users an automatic system to analyze malware samples, such as VirusTotal, Jotti, or ClamAV, to name a few. Unfortunately, malware is currently incorporating techniques to recognize that it is executing in a virtual or sandbox environment. When an analysis environment is detected, the malware behaves as a benign application or even shows no activity at all. In this work, we present an empirical study and characterization of automatic public malware analysis services. In particular, we consider 26 different services. We also show a set of features that allow these services to be easily fingerprinted as analysis environments. Finally, we propose a method to mitigate such fingerprinting.


Footnotes
1
In this paper, we use PMAS interchangeably as the singular and plural form of the acronym.
2
Microsoft is composed of Microsoft Other, Microsoft Defender 10, Microsoft Defender 8, Microsoft Defender 7, Microsoft Vista, XP, Essentials and Others.
Metadata
Title
Empirical Study to Fingerprint Public Malware Analysis Services
Authors
Álvaro Botas
Ricardo J. Rodríguez
Vicente Matellán
Juan F. García
Copyright Year
2018
DOI
https://doi.org/10.1007/978-3-319-67180-2_57