Evaluating Dynamic Binary Instrumentation Systems for Conspicuous Features and Artifacts

D’Elia, Daniele Cono; InvidiaLorenzo,; PalmaroFederico,; QuerzoniLeonardo,

doi:10.1145/3478520

Cited by 8 publications

(6 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…9. The instrumentation mechanism of drltrace passes Test T2 for all but a few APIs: the test incidentally reveals artifacts of DynamoRIO, which alters several kernel32.dll APIs for its working [34].…”

Section: Discussionmentioning

confidence: 99%

“…The design of SNIPER does not address evasions targeting the peculiarities of the underlying instrumentation technique. For this well-studied problem [34], [40], [41], the implementation can resort to existing mitigations, such as patching the Time Stamp Counter in the VM monitor upon VM exit events or hiding artifacts of a DBI runtime as we did by using the mitigation library of [11].…”

Section: Residual Attack Surfacementioning

confidence: 99%

See 1 more Smart Citation

Designing Robust API Monitoring Solutions

D’Elia

Nicchi

Mariani

et al. 2023

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

Tracing the sequence of library calls and system calls that a program makes is very helpful to characterize its interactions with the surrounding environment and, ultimately, its semantics. However, due to the entanglements of real-world software stacks, accomplishing this task can be surprisingly challenging as we take accuracy, reliability, and transparency into the equation. In this article, we identify six challenges that API monitoring solutions should overcome in order to manage these dimensions effectively and outline actionable design points for building robust API tracers that can be used even for security research. We then detail and evaluate SNIPER, an open-source API tracing system available in two variants based on dynamic binary instrumentation (for simplified in-guest deployment) and hardware-assisted virtualization (realizing the first general user-space tracer of this kind), respectively.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Residual Attack Surfacementioning

confidence: 99%

Designing Robust API Monitoring Solutions

D’Elia

Nicchi

Mariani

et al. 2023

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

show abstract

“…We gather the instructions and memory traces utilizing IntelPIN [33,16] (step 4 in the figure). To only collect the traces of the WebAssembly execution with a wasmtime engine, we pause and resume the collection as the execution leaves and re-enters the WebAssembly code, respectively.…”

Section: Protocol For Rq2mentioning

confidence: 99%

Wasm-Mutate: Fast and Effective Binary Diversification for Webassembly

Cabrera Arteaga,

Fitzgerald,

Monperrus

et al. 2023

Preprint

View full text Add to dashboard Cite

“…At the same time, we have covered a variety of code-transformation approaches. Setting Android-based obfuscation tools involves more than selecting features [56,57]. In addition, many complicated circumstances make obfuscating specific parts of code complex or impossible to understand, and even if that code is obscured, the app will no longer operate.…”

Section: Android Security Vulnerabilities and Existing Obfuscation Te...mentioning

confidence: 99%

“…Dietzel et al [243] offered a false responder agent that provides misleading values to the malware regarding the execution environment. Singh [179] used the detection of user interactions and anti-emulators to enhance the resilience of identifying dynamic malware [244]. Petsas et al [115] suggested several countermeasures for different types of evasion detection, such as anti-emulation employing IMEI alteration and precise sensor simulation.…”

Section: (A)mentioning

confidence: 99%

A Survey and Evaluation of Android-Based Malware Evasion Techniques and Detection Frameworks

Faruki

Bhan

Jain³

et al. 2023

Information

View full text Add to dashboard Cite

Android platform security is an active area of research where malware detection techniques continuously evolve to identify novel malware and improve the timely and accurate detection of existing malware. Adversaries are constantly in charge of employing innovative techniques to avoid or prolong malware detection effectively. Past studies have shown that malware detection systems are susceptible to evasion attacks where adversaries can successfully bypass the existing security defenses and deliver the malware to the target system without being detected. The evolution of escape-resistant systems is an open research problem. This paper presents a detailed taxonomy and evaluation of Android-based malware evasion techniques deployed to circumvent malware detection. The study characterizes such evasion techniques into two broad categories, polymorphism and metamorphism, and analyses techniques used for stealth malware detection based on the malware’s unique characteristics. Furthermore, the article also presents a qualitative and systematic comparison of evasion detection frameworks and their detection methodologies for Android-based malware. Finally, the survey discusses open-ended questions and potential future directions for continued research in mobile malware detection.

show abstract

Evaluating Dynamic Binary Instrumentation Systems for Conspicuous Features and Artifacts

Cited by 8 publications

References 25 publications

Designing Robust API Monitoring Solutions

Designing Robust API Monitoring Solutions

Wasm-Mutate: Fast and Effective Binary Diversification for Webassembly

A Survey and Evaluation of Android-Based Malware Evasion Techniques and Detection Frameworks

Contact Info

Product

Resources

About