自动推断反病毒辅助攻击的恶意软件签名

Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Pub Date : 2017-04-02 DOI:10.1145/3052973.3053002

Christian Wressnegger, Kevin Freeman, Fabian Yamaguchi, Konrad Rieck

{"title":"自动推断反病毒辅助攻击的恶意软件签名","authors":"Christian Wressnegger, Kevin Freeman, Fabian Yamaguchi, Konrad Rieck","doi":"10.1145/3052973.3053002","DOIUrl":null,"url":null,"abstract":"Although anti-virus software has significantly evolved over the last decade, classic signature matching based on byte patterns is still a prevalent concept for identifying security threats. Anti-virus signatures are a simple and fast detection mechanism that can complement more sophisticated analysis strategies. However, if signatures are not designed with care, they can turn from a defensive mechanism into an instrument of attack. In this paper, we present a novel method for automatically deriving signatures from anti-virus software and discuss how the extracted signatures can be used to attack sensible data with the aid of the virus scanner itself. To this end, we study the practicability of our approach using four commercial products and exemplary demonstrate anti-virus assisted attacks in three different scenarios.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"40","resultStr":"{\"title\":\"Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks\",\"authors\":\"Christian Wressnegger, Kevin Freeman, Fabian Yamaguchi, Konrad Rieck\",\"doi\":\"10.1145/3052973.3053002\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Although anti-virus software has significantly evolved over the last decade, classic signature matching based on byte patterns is still a prevalent concept for identifying security threats. Anti-virus signatures are a simple and fast detection mechanism that can complement more sophisticated analysis strategies. However, if signatures are not designed with care, they can turn from a defensive mechanism into an instrument of attack. In this paper, we present a novel method for automatically deriving signatures from anti-virus software and discuss how the extracted signatures can be used to attack sensible data with the aid of the virus scanner itself. To this end, we study the practicability of our approach using four commercial products and exemplary demonstrate anti-virus assisted attacks in three different scenarios.\",\"PeriodicalId\":20540,\"journal\":{\"name\":\"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-04-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"40\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3052973.3053002\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3052973.3053002","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 40

摘要

尽管反病毒软件在过去十年中有了显著的发展，但基于字节模式的经典签名匹配仍然是识别安全威胁的流行概念。反病毒签名是一种简单快速的检测机制，可以补充更复杂的分析策略。但是，如果签名设计不当，就可能从防御机制变成攻击工具。本文提出了一种从杀毒软件中自动提取签名的新方法，并讨论了如何利用病毒扫描程序本身来利用提取的签名攻击敏感数据。为此，我们使用四种商业产品来研究我们方法的实用性，并在三种不同的场景中示范反病毒辅助攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks

Although anti-virus software has significantly evolved over the last decade, classic signature matching based on byte patterns is still a prevalent concept for identifying security threats. Anti-virus signatures are a simple and fast detection mechanism that can complement more sophisticated analysis strategies. However, if signatures are not designed with care, they can turn from a defensive mechanism into an instrument of attack. In this paper, we present a novel method for automatically deriving signatures from anti-virus software and discuss how the extracted signatures can be used to attack sensible data with the aid of the virus scanner itself. To this end, we study the practicability of our approach using four commercial products and exemplary demonstrate anti-virus assisted attacks in three different scenarios.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

自引率

0.00%

发文量