Dynamic Binary Instrumentation-based Framework for Malware Defense
Najwa Aaraj†, Anand Raghunathan‡, and Niraj K. Jha†
† Department of Electrical Engineering, Princeton University, Princeton, NJ 08544, USA
‡ NEC Labs America, Princeton, NJ 08540, USA
Outline
- Motivation
- Proposed framework
- Framework details
  - Testing environment
  - Real environment
- Experimental evaluation
- Related work
Princeton University DIMVA 08 presentation
Motivation
- Malware defense is a primary concern in information security
  - Steady increase in the prevalence and diversity of malware
  - Escalating financial, time, and productivity losses
- Minor enhancements to current approaches are unlikely to succeed
  - Increasing sophistication in techniques used by virus writers
  - Emergence of zero-day and zero-hour attacks
- Recent advances in virtualization allow the implementation of isolated environments
Motivation (Contd.)
- Advances in analysis techniques such as dynamic binary instrumentation (DBI)
  - DBI injects instrumentation code that executes as part of a normal instruction stream
  - Instrumentation code allows the observation of an application’s behavior
  - “Rather than considering what may occur, DBI has the benefit of operating on what actually does occur”
  - Ability to test untrusted code in an isolated environment without corrupting a “live” environment, under DBI