For Publishers
DiscoveryMetadataPeer reviewHostingPublishing
For Researchers
JoinPublishReviewCollect
Register
Blog
About
Search
Advanced search
My ScienceOpen
Search
For Publishers
For Researchers
Blog
About
Inviting an author to review:
Moving targets: how the rapidly changing tobacco and nicotine landscape creates advertising and promotion policy challenges
Find an author and click ‘Invite to review selected article’ near their name.
Search for authorsSearch for similar articles
24
views
Article has an altmetric score of 1
29
references
 Top references
cited by
0
    
0 reviews
 Review
0
comments
 Comment
0
recommends
+1 Recommend
1 collections
    0
    shares
      90
      similar
       All similar

      To submit to the journal, please click here

      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      Multi-path exploration guided by taint and probability against evasive malware

      research-article

      Read this article at

      ScienceOpenPublisher
      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          Static analysis is often impeded by malware obfuscation techniques, such as encryption and packing, whereas dynamic analysis tends to be more resistant to obfuscation by leveraging concrete execution information. Unfortunately, malware can employ evasive techniques to detect the analysis environment and alter its behavior accordingly. While known evasive techniques can be explicitly dismantled, the challenge lies in generically dismantling evasions without full knowledge of their conditions or implementations, such as logic bombs that rely on uncertain conditions, let alone unsupported evasive techniques, which contain evasions without corresponding dismantling strategies and those leveraging unknown implementations. In this paper, we present Antitoxin, a prototype for automatically exploring evasive malware. Antitoxin utilizes multi-path exploration guided by taint analysis and probability calculations to effectively dismantle evasive techniques. The probabilities of branch execution are derived from dynamic coverage, while taint analysis helps identify paths associated with evasive techniques that rely on uncertain conditions. Subsequently, Antitoxin prioritizes branches with lower execution probabilities and those influenced by taint analysis for multi-path exploration. This is achieved through forced execution, which forcefully sets the outcomes of branches on selected paths. Additionally, Antitoxin employs active anti-evasion countermeasures to dismantle known evasive techniques, thereby reducing exploration overhead. Furthermore, Antitoxin provides valuable insights into sensitive behaviors, facilitating deeper manual analysis. Our experiments on a set of highly evasive samples demonstrate that Antitoxin can effectively dismantle evasive techniques in a generic manner. The probability calculations guide the multi-path exploration of evasions without requiring prior knowledge of their conditions or implementations, enabling the dismantling of unsupported techniques such as C2 and significantly improving efficiency compared to linear exploration when dealing with complex control flows. Additionally, taint analysis can accurately identify branches related to logic bombs, facilitating preferential exploration.

          Related collections

          Most cited references29

          • Record: found
          • Abstract: not found
          • Article: not found

          Ant colony system: a cooperative learning approach to the traveling salesman problem

          M. Dorigo, L.M. Gambardella (1997)
          Article 0 comments Cited 594 times – based on 0 reviews     Review now
          Article has an altmetric score of 15
            Bookmark
            • Record: found
            • Abstract: found
            • Book: not found

            Genetic Algorithms in Search, Optimization, and Machine Learning

            David Edward Goldberg (1989)
            A gentle introduction to genetic algorithms. Genetic algorithms revisited: mathematical foundations. Computer implementation of a genetic algorithm. Some applications of genetic algorithms. Advanced operators and techniques in genetic search. Introduction to genetics-based machine learning. Applications of genetics-based machine learning. A look back, a glance ahead. A review of combinatorics and elementary probability. Pascal with random number generation for fortran, basic, and cobol programmers. A simple genetic algorithm (SGA) in pascal. A simple classifier system(SCS) in pascal. Partition coefficient transforms for problem-coding analysis.
            Book 0 comments Cited 158 times – based on 0 reviews
              Bookmark
              • Record: found
              • Abstract: not found
              • Conference Proceedings: not found

              Limits of Static Analysis for Malware Detection

              Engin Kirda, Christopher Kruegel, Andreas Moser (2007)
              Article 0 comments Cited 43 times – based on 0 reviews
              Article has an altmetric score of 4
                Bookmark
                All references

                Author and article information

                Contributors
                Fangzhou Xu:
                Bio :

                Fangzhou Xu is currently a master’s student in cyberspace security at Huazhong University of Science and Technology (HUST), Wuhan, China. He received a B.E. degree in information security from HUST, Wuhan, China, in 2020. His research interests include malware analysis and evasion detection.

                Wang Zhang:
                Bio :

                Wang Zhang is currently a master's student in cyberspace security at Huazhong University of Science and Technology (HUST), Wuhan, China. He received a B.E. degree in information security from HUST, Wuhan, China, in 2021. His research interests include adversarial malware detection and encrypted traffic classification.

                Weizhong Qiang:
                Bio :

                Weizhong Qiang received a Ph.D. degree in computer engineering from Huazhong University of Science and Technology (HUST), Wuhan, China, in 2005. He is a professor at HUST. His topics of research interests include system security about virtualization and cloud computing.

                Hai Jin:
                Bio :

                Hai Jin received a Ph.D. degree in computer engineering from Huazhong University of Science and Technology (HUST), Wuhan, China, in 1994. He is a Cheung Kung Scholars Chair Professor of computer science and engineering with HUST. His research interests include computer architecture, virtualization technology, cluster computing and cloud computing, peer-to-peer computing, network storage, and network security.

                Journal
                Journal ID (publisher-id): sands
                Journal ID (url): https://sands.edpsciences.org
                Title: Security and Safety
                Abbreviated Title: Security and Safety
                Publisher: EDP Sciences and CSPM
                ISSN (Electronic): 2826-1275
                Publication date Final: 05 September 2023
                Publication date (Print): 2023
                Publication date (Electronic): 05 September 2023
                Publication date Given-online-pub: 05 September 2023
                Volume: 2
                Issue: ( publisher-idID: sands/2023/01 )
                Electronic Location Identifier: 2023023
                Affiliations
                [1 ] National Engineering Research Center for Big Data Technology and System, , Wuhan, 430074, China,
                [2 ] Services Computing Technology and System Lab, Cluster and Grid Computing Lab, , Wuhan, 430074, China,
                [3 ] Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, , Wuhan, 430074, China,
                [4 ] School of Cyber Science and Engineering, Huazhong University of Science and Technology, , Wuhan, 430074, China,
                [5 ] School of Computer Science and Technology, Huazhong University of Science and Technology, , Wuhan, 430074, China,
                [6 ] Jinyinhu Laboratory, , Wuhan, 430040, China,
                Author notes
                [* ]Corresponding authors (email: wzqiang@ 123456hust.edu.cn )
                Article
                Publisher ID: sands20230021
                DOI: 10.1051/sands/2023023
                SO-VID: 1d2f584b-5175-4519-9d36-f6fa1f32074b
                Copyright © © The Author(s) 2023. Published by EDP Sciences and China Science Publishing & Media Ltd.
                License:

                This is an Open Access article distributed under the terms of the Creative Commons Attribution License ( https://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

                History
                Date received : 08 May 2023
                Date revision received : 20 June 2023
                Date accepted : 11 August 2023
                Page count
                Figures: 8, Tables: 12, Equations: 4, References: 34, Pages: 24
                Funding
                Funded by: National Natural Science Foundation of China http://dx.doi.org/10.13039/501100001809
                Award ID: Grant No. 62272181
                Categories
                Subject: Research Article
                Subject: Other Fields
                Custom metadata
                idline Security and Safety, Vol. 2, 2023023 (2023)
                cover_date 2023
                first_year 2023
                last_year 2023
                open-access yes

                Keywords: evasion detection,taint analysis,forced execution,dynamic binary instrumentation,Malware analysis
                Data availability:
                Keywords: evasion detection, taint analysis, forced execution, dynamic binary instrumentation, Malware analysis

                Comments

                Comment on this article

                scite_
                0
                0
                0
                0
                Smart Citations
                0
                0
                0
                0
                Citing PublicationsSupportingMentioningContrasting
                View Citations

                See how this article has been cited at scite.ai

                scite shows how a scientific paper has been cited by providing the context of the citation, a classification describing whether it supports, mentions, or contrasts the cited claim, and a label indicating in which section the citation was made.

                Similar content90

                See all similar

                Most referenced authors190

                See all reference authors