Mixed-mode malware contains user-mode and kernel-mode components that are interdependent. Such malware exhibits its main malicious payload only after it succeeds at corrupting the OS kernel, and it may further actively attack or subvert malware analysis components. Current malware analysis techniques are not effective against mixed-mode malware. To overcome the limitations of current techniques, we present an approach that combines whole-system analysis with outside-the-guest virtual machine introspection. We implement this approach in the SEMU tool for Windows. In our experiments, SEMU could successfully analyze several mixed-mode malware samples that evade current analysis approaches. The runtime overhead of SEMU is in line with that of the most closely related dynamic analysis tools, TEMU and Ether.
Remotely determining precisely which code is running on which machines is hard. This is especially true if the monitored machines lack modern security features and may be under malware attack, since in such a scenario the malware may have already manipulated applications and operating systems. Existing approaches to this problem are heavyweight and have a large attack surface, which is frequently attacked by both applications and malware. To address this problem, this paper introduces RAI, a lightweight code monitoring tool that is especially well-suited for legacy systems. While potentially useful for many software maintenance tasks, this paper applies RAI to detecting ongoing rootkit attacks. Specifically, in our experiments on several user-mode and kernel-mode rootkits, our approach achieved a 100% rootkit detection rate with moderate overhead and a relatively low false positive rate.