In this paper, we propose a new dynamic and configurable approach to anti-emulation malware analysis, aiming at improving transparency of existing analyses techniques. First of all, we test the effectiveness of existing widespread free analyzers. We observe that the main problem of these analyses is that they provide static and immutable values to the parameter used in anti-emulation tests. Our approach aims at overcoming these limitations by providing an abstract non-interference-based approach modeling the fact that parameters can be modified dynamically, and the corresponding executions compared.

MIME - A Formal Approach for Multiple Investigation in (Android) Malware Emulation Analysis

MASTROENI, Isabella
2015-01-01

Abstract

In this paper, we propose a new dynamic and configurable approach to anti-emulation malware analysis, aiming at improving transparency of existing analyses techniques. First of all, we test the effectiveness of existing widespread free analyzers. We observe that the main problem of these analyses is that they provide static and immutable values to the parameter used in anti-emulation tests. Our approach aims at overcoming these limitations by providing an abstract non-interference-based approach modeling the fact that parameters can be modified dynamically, and the corresponding executions compared.
Anti-emulation malware, abstract non-interference, program analysis
File in questo prodotto:
File Dimensione Formato  
TRAntiEmulation.pdf

accesso aperto

Descrizione: Rapporto tecnico con dati sperimentali
Tipologia: Documento in Post-print
Licenza: Dominio pubblico
Dimensione 2.2 MB
Formato Adobe PDF
2.2 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11562/926789
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact