API Chaser: Anti-Analysis Resistant Malware Analyzer
RAID 2013: Proceedings of the 16th International Symposium on Research in Attacks, Intrusions, and Defenses - Volume 8145 (2013)
Abstract
API (Application Programming Interface) monitoring is an effective approach for quickly understanding the behavior of malware, and it has been widely used as the basis of many malware countermeasures. However, malware authors are now aware of this and develop malware that uses several anti-analysis techniques to evade API monitoring. In this paper, we present the design and implementation of an API monitoring system, API Chaser, which is resistant to evasion-type anti-analysis techniques such as stolen code and code injection. We have evaluated API Chaser on several real-world malware samples, and the results show that API Chaser correctly captures the API calls invoked by the malware without being evaded.
Keywords
Malware, Taint Analysis, Anti-analysis, Evasion, WinAPI