Multiprocess malware

2011 6th International Conference on Malicious and Unwanted Software Pub Date : 2011-10-18 DOI:10.1109/MALWARE.2011.6112320

M. Ramilli, M. Bishop, Shining Sun

引用次数: 29

Abstract

Malware behavior detectors observe the behavior of suspected malware by emulating its execution or executing it in a sandbox or other restrictive, instrumented environment. This assumes that the process, or process family, being monitored will exhibit the targeted behavior if it contains malware. We describe a technique for evading such detection by distributing the malware over multiple processes. We then present a method for countering this technique, and present results of tests that validate our claims.

查看原文本刊更多论文

多进程的恶意软件

恶意软件行为检测器通过模拟恶意软件的执行或在沙箱或其他受限的仪器化环境中执行恶意软件来观察可疑恶意软件的行为。这假定被监视的进程或进程族在包含恶意软件时将表现出目标行为。我们描述了一种通过在多个进程上分发恶意软件来逃避这种检测的技术。然后，我们提出了一种方法来反驳这种技术，并提出了验证我们的说法的测试结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 6th International Conference on Malicious and Unwanted Software

自引率

0.00%

发文量