[ Pobierz całość w formacie PDF ]
Dynamic Binary
Instrumentation-based
Framework for Malware Defense
Najwa Aaraj
†
, Anand Raghunathan
‡
, and Niraj K. Jha
†
† Department of Electrical Engineering, Princeton University,
Princeton, NJ 08544, USA
‡ NEC Labs America, Princeton, NJ 08540, USA
Outline

Motivation

Proposed framework

Framework details

Testing
environment

Real
environment

Experimental evaluation

Related work
Princeton University DIMVA 08 presentation
Motivation

Malware defense is a primary concern in
information security

Steady increase in the prevalence and diversity
of malware

Escalating financial, time, and productivity losses

Minor enhancements to current approaches are
unlikely to succeed

Increasing sophistication in techniques used by virus
writers

Emergence of zero-day and zero-hour attacks

Recent advances in virtualization allows the
implementation of isolated environments
Princeton University DIMVA 08 presentation
Motivation
(Contd.)

Advances in analysis techniques such as dynamic
binary instrumentation (DBI)

DBI injects instrumentation code that executes as part of
a normal instruction stream

Instrumentation code allows the observation of an
application’s behavior

“Rather than considering what may occur, DBI has the
benefit of operating on what actually does occur”
Ability to test untrusted code in an isolated environment
without corrupting a “live” environment, under DBI
Princeton University DIMVA 08 presentation
Outline

Motivation

Proposed framework

Framework details

Testing
environment

Real
environment

Experimental evaluation

Related work
Princeton University DIMVA 08 presentation
[ Pobierz całość w formacie PDF ]