Exploring Multiple Execution Paths for Malware Analysis
By Andreas Moser and Christopher Kruegel and Engin Kirda
Proceedings of the 2007 IEEE Symposium on Security and Privacy
The authors address the problem of malware that does not display malicious behaviour unless certain trigger conditions are present. Dynamic taint tracking is used to discover conditionals in the program that depend on tainted inputs. When one of the two branches of such a conditional is about to be taken, they create a checkpoint and a snapshot of the analyzed process and keep exploring one of the branches. Subsequently, when the exploration of the taken branch ends or a timeout threshold is reached, they force the execution of the unexplored branch.
The paper can be found here.
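The checkpoint-and-force loop summarized above, as an added example that is not code from the paper or its authors: a toy interpreter that taints external input, snapshots its state at each branch on a tainted register, and later resumes the snapshot down the branch that was not taken. The instruction set, register names, `PROGRAM` and `explore` are hypothetical; a step budget stands in for the timeout, and the tainted value is not rewritten when a branch is forced.

```python
import copy

# Constructed toy program: "open_backdoor" runs only if the tainted input is 1337.
PROGRAM = [
    ("read", "r0", "trigger"),  # 0: r0 <- external input (taint source)
    ("set", "r1", 5),           # 1: constant, untainted
    ("jeq", "r1", 5, 4),        # 2: untainted condition, followed as-is
    ("act", "unreachable"),     # 3
    ("jeq", "r0", 1337, 7),     # 4: tainted condition, checkpoint here
    ("act", "idle"),            # 5
    ("halt",),                  # 6
    ("act", "open_backdoor"),   # 7
    ("halt",),                  # 8
]

def explore(program, env, max_steps=100):
    """Return one behaviour trace per explored path, observed path first."""
    start = {"pc": 0, "regs": {}, "taint": set(), "trace": [], "steps": 0}
    pending, finished = [start], []
    while pending:
        st = pending.pop()
        while st["steps"] < max_steps:      # step budget stands in for the timeout
            st["steps"] += 1
            op = program[st["pc"]]
            if op[0] == "halt":
                break
            if op[0] == "jeq":
                _, reg, const, target = op
                taken = st["regs"].get(reg) == const
                nxt, other = (target, st["pc"] + 1) if taken else (st["pc"] + 1, target)
                if reg in st["taint"]:
                    snap = copy.deepcopy(st)   # checkpoint before committing
                    snap["pc"] = other         # forced branch; register value is not rewritten
                    pending.append(snap)
                st["pc"] = nxt
                continue
            if op[0] == "read":
                st["regs"][op[1]] = env.get(op[2], 0)
                st["taint"].add(op[1])
            elif op[0] == "set":
                st["regs"][op[1]] = op[2]
                st["taint"].discard(op[1])
            elif op[0] == "act":
                st["trace"].append(op[1])
            st["pc"] += 1
        finished.append(st["trace"])
    return finished
```

With a benign input the observed run only reaches `idle`, yet the forced path still surfaces `open_backdoor`; the untainted branch at index 2 is never forked, so `unreachable` appears in no trace.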