Compiling and Analyzing Open Source Malware for Research Purposes

Daniel Judt, Patrick Kochberger, Peter Kieseberg, S. Schrittwieser
Published in: 2020 International Conference on Software Security and Assurance (ICSSA)
Publication date: 2020-10-01
DOI: 10.1109/ICSSA51305.2020.00013 (https://doi.org/10.1109/ICSSA51305.2020.00013)
Citations: 0

Abstract

Malware obfuscation can make both automatic and manual analysis of its binary code and the contained functionality significantly more time consuming. For malware research it would therefore be useful to be able to study the effects of different obfuscation methods on the resulting binary code. While some obfuscations are applied through rewriting of the binary, others have to be applied at source code level or during compile time. However, the source code of in-the-wild malware is often not available. For this paper, we collected the source code of eleven open source malware samples from the past 12 years and analyzed if they still compile on current systems. Furthermore, basic static analysis was performed to evaluate the usefulness of the resulting binaries for further malware obfuscation research. Our results indicate that it is possible to compile available samples with moderate effort and the resulting binaries are very well suited for research purposes.