MIME - A Formal Approach for Multiple Investigation in (Android) Malware Emulation Analysis

MASTROENI, Isabella
2015-01-01

Abstract

In this paper, we propose a new dynamic and configurable approach to anti-emulation malware analysis, aiming at improving the transparency of existing analysis techniques. First of all, we test the effectiveness of existing widespread free analyzers. We observe that the main problem of these analyses is that they provide static and immutable values for the parameters used in anti-emulation tests. Our approach aims at overcoming these limitations by providing an abstract non-interference-based approach that models the fact that parameters can be modified dynamically and the corresponding executions compared.
2015
Anti-emulation malware, abstract non-interference, program analysis
Files in this item:
File: TRAntiEmulation.pdf
Access: open access
Description: Technical report with experimental data
Type: Post-print document
License: Public domain
Size: 2.2 MB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11562/926789