The cyber world is plagued with ever-evolving malware that readily infiltrates defense mechanisms, operates viciously unbeknownst to the user, and surreptitiously exfiltrates sensitive data. Understanding the inner workings of such malware provides leverage to combat it effectively. This understanding is pursued through dynamic analysis, conducted either manually or automatically. Malware authors, accordingly, have devised and advanced evasion techniques to thwart or evade these analyses. In this paper, we present a comprehensive survey of malware dynamic analysis evasion techniques. In addition, we propose a detailed classification of these techniques and further demonstrate how their efficacy holds against different types of detection and analysis approaches. Our observations attest that evasive behavior is mostly concerned with detecting and evading sandboxes. The primary tactic of such malware, we argue, is fingerprinting, followed by a newer trend, the reverse Turing test tactic, which aims at detecting human interaction. Furthermore, we posit that current defensive strategies, from reactive methods to efforts toward more transparent analysis systems, are readily foiled by zero-day fingerprinting techniques or by other evasion tactics such as stalling. Accordingly, we recommend the pursuit of more generic defensive strategies, with emphasis on path exploration techniques that have the potential to thwart all of these evasive tactics.
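The three tactics the abstract names (sandbox fingerprinting, the reverse Turing test, and stalling) are the kind of thing an analyst tags when reading an API-call trace from a sandbox run. The following is an added example written for this page, not code from the survey or any sandbox: it runs a small set of heuristics over a constructed trace in a simplified one-call-per-line `Api(args)` format. The trace, the log format, the indicator API names, the VM artifact strings, the polling threshold and the five-minute stall budget are all assumptions chosen for the illustration.

```python
"""Tag evasion tactics in a dynamic-analysis trace (added example, not from the survey)."""
import re
from typing import Dict, List, Tuple

# Constructed trace in an assumed "Api(args)" one-call-per-line format; this is
# not the output format of any particular sandbox.
SAMPLE_TRACE = """\
RegOpenKeyExA(HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools)
GetSystemInfo()
GetCursorPos()
Sleep(200)
GetCursorPos()
Sleep(200)
GetCursorPos()
Sleep(600000)
GetTickCount()
CreateFileA(C:\\Users\\user\\invoice.pdf)
"""

# Indicators for the three tactics named in the abstract. The API names,
# artifact strings and thresholds are assumptions made for this example.
VM_ARTIFACT = re.compile(r"vmware|virtualbox|vbox|qemu|xen|hyper-v", re.IGNORECASE)
FINGERPRINT_APIS = {"GetSystemInfo", "GetTickCount", "GlobalMemoryStatusEx",
                    "GetAdaptersAddresses"}
INTERACTION_APIS = {"GetCursorPos", "GetLastInputInfo", "GetForegroundWindow"}
SLEEP_APIS = {"Sleep", "SleepEx"}      # first argument is milliseconds
POLL_THRESHOLD = 2                     # repeated interaction probes look like polling
STALL_MS = 5 * 60 * 1000               # assumed analysis time budget

CALL_RE = re.compile(r"^(\w+)\((.*)\)\s*$")


def parse_trace(trace: str) -> List[Tuple[str, str]]:
    """Split the trace into (api, raw_args) pairs, skipping lines that don't parse."""
    calls = []
    for line in trace.splitlines():
        m = CALL_RE.match(line.strip())
        if m:
            calls.append((m.group(1), m.group(2)))
    return calls


def classify_evasion(trace: str) -> Dict[str, List[str]]:
    """Return, per tactic, the trace lines that support it (tactics without
    evidence are omitted)."""
    evidence: Dict[str, List[str]] = {"fingerprinting": [],
                                      "reverse_turing_test": [],
                                      "stalling": []}
    probes: List[str] = []
    sleeps: List[int] = []
    for api, args in parse_trace(trace):
        call = f"{api}({args})"
        # fingerprinting: environment queries or known VM artifact strings
        if api in FINGERPRINT_APIS or VM_ARTIFACT.search(args):
            evidence["fingerprinting"].append(call)
        # reverse Turing test: probing for a human at the keyboard/mouse
        if api in INTERACTION_APIS:
            probes.append(call)
        # stalling: sleeping past the analysis budget, in one call or cumulatively
        if api in SLEEP_APIS:
            first = args.split(",")[0].strip()
            if first.isdigit():
                ms = int(first)
                sleeps.append(ms)
                if ms >= STALL_MS:
                    evidence["stalling"].append(call)
    if len(probes) >= POLL_THRESHOLD:
        evidence["reverse_turing_test"] = probes
    if not evidence["stalling"] and sum(sleeps) >= STALL_MS:
        evidence["stalling"].append(f"cumulative sleep {sum(sleeps)} ms")
    return {tactic: hits for tactic, hits in evidence.items() if hits}


if __name__ == "__main__":
    for tactic, hits in classify_evasion(SAMPLE_TRACE).items():
        print(f"{tactic}: {len(hits)} indicator(s)")
        for hit in hits:
            print("   ", hit)
```

A single `GetCursorPos` is normal program behaviour; only repeated probing is reported, and a run of short sleeps that adds up to the budget is reported as cumulative stalling so that splitting one long sleep into many does not hide it.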
We introduce ZIDS, a client-server solution for private intrusion detection that is suitable for the private detection of zero-day attacks in input data. The system includes an IDS server that holds a set of sensitive signatures for zero-day attacks and IDS clients that possess sensitive data (e.g., files, logs). Using ZIDS, each IDS client learns whether its input data matches any of the zero-day signatures, but neither party learns any additional information: the IDS client learns nothing about the zero-day signatures, and the IDS server learns nothing about the input data or the analysis results. To solve this problem, we reduce privacy-preserving intrusion detection to an instance of secure two-party oblivious deterministic finite automaton evaluation (ODFA). Then, motivated by the fact that the DFAs associated with attack signatures are often sparse, we propose a new and efficient ODFA protocol that takes advantage of this sparsity. Our construction is considerably more efficient than existing solutions and, at the same time, does not leak any sensitive information about the nature of the sparsity in the private DFA. We provide a full implementation of our privacy-preserving system, including optimizations that lead to better memory usage, and evaluate its performance on rule sets from the Snort IDS.
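The two observations the abstract builds on, that signature matching reduces to DFA evaluation and that the resulting DFAs are sparse, can be seen on a single Snort-style `content` pattern. The following is an added example for this page, not ZIDS code and not the paper's protocol: it parses a Snort `content` string (literal bytes with `|..|` hex escapes), builds the textbook KMP-style DFA over the 256-byte alphabet, stores only the transitions that leave state 0, and measures how small that is. The `pad_rows` helper illustrates the leakage concern the abstract mentions (rows of differing size reveal pattern-dependent structure) by making every row the same width; it is an illustration of the concern, not the paper's mechanism. The sample pattern and inputs are constructed.

```python
"""Signature -> sparse DFA reduction (added illustration, not ZIDS code)."""
from typing import Dict, List, Tuple

ALPHABET = 256  # one DFA symbol per input byte

SparseDFA = List[Dict[int, int]]  # per state: {byte: next_state}, 0 implicit


def parse_snort_content(content: str) -> bytes:
    """Turn a Snort `content:` string into bytes. Text between '|' pairs is
    space-separated hex (e.g. "|2F 62|"); everything else is literal."""
    s = content.strip()
    if len(s) >= 2 and s[0] == s[-1] == '"':
        s = s[1:-1]
    parts = s.split("|")
    if len(parts) % 2 == 0:            # balanced pipes give an odd part count
        raise ValueError("unbalanced '|' in content string")
    out = bytearray()
    for i, part in enumerate(parts):
        out += part.encode("latin-1") if i % 2 == 0 else bytes.fromhex(part)
    return bytes(out)


def build_sparse_dfa(pattern: bytes) -> SparseDFA:
    """KMP-style DFA that reaches state len(pattern) exactly when `pattern`
    has occurred in the input. Built densely (the textbook construction),
    then stored sparsely: only transitions to a non-zero state are kept;
    everything else implicitly returns to state 0."""
    m = len(pattern)
    dense = [[0] * ALPHABET for _ in range(m + 1)]
    dense[0][pattern[0]] = 1
    x = 0                              # restart state for the current prefix
    for j in range(1, m):
        dense[j] = dense[x][:]         # on mismatch behave like the restart state
        dense[j][pattern[j]] = j + 1   # on match advance
        x = dense[x][pattern[j]]
    # state m is accepting and terminal; the evaluator stops there
    return [{c: t for c, t in enumerate(row) if t != 0} for row in dense]


def run_sparse_dfa(dfa: SparseDFA, data: bytes) -> Tuple[bool, int]:
    """Evaluate the DFA over `data`; return (matched, offset of last matched byte)."""
    accept = len(dfa) - 1
    state = 0
    for i, b in enumerate(data):
        state = dfa[state].get(b, 0)
        if state == accept:
            return True, i
    return False, -1


def stored_transitions(dfa: SparseDFA) -> int:
    return sum(len(row) for row in dfa)


def density(dfa: SparseDFA) -> float:
    """Fraction of the dense transition table that is actually stored."""
    return stored_transitions(dfa) / (len(dfa) * ALPHABET)


def pad_rows(dfa: SparseDFA) -> SparseDFA:
    """Give every state the same number of explicit entries by adding explicit
    `byte -> 0` transitions, which change nothing semantically. Encoding rows
    of varying size would reveal each state's out-degree, which depends on the
    pattern; uniform rows reveal only the maximum. Illustration only."""
    width = max(len(row) for row in dfa)
    padded = []
    for row in dfa:
        new = dict(row)
        for c in range(ALPHABET):
            if len(new) >= width:
                break
            if c not in new:
                new[c] = 0
        padded.append(new)
    return padded


if __name__ == "__main__":
    sig = parse_snort_content('"/bin|2F|sh"')        # constructed sample pattern
    dfa = build_sparse_dfa(sig)
    print("pattern:", sig, "states:", len(dfa))
    print("stored transitions:", stored_transitions(dfa),
          "of", len(dfa) * ALPHABET, f"({density(dfa):.2%})")
    print(run_sparse_dfa(dfa, b"GET /cgi-bin/bin/sh HTTP/1.0"))
```

For a seven-byte pattern the dense table has 8 x 256 cells but only 13 non-zero entries, which is the sparsity an ODFA protocol can exploit; the per-state counts (1, 2, 2, 2, 1, 3, 2, 0) are exactly the structure that must not be exposed, which is why the paper's construction is careful not to leak it.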