2008 - A Practical Taint-Based Malware Detection
- Information
  - Approach
    - Dynamic Taint Analysis
      - Taint data to determine whether data is used maliciously
      - Execution of the alternative branch for complete behavioral coverage
        - Snapshot when tainted data is used in a branch
        - Input value is rewritten for execution of the other branch
      - Taint source: system calls
        - Modify register
        - Access file system
        - Open connection
    - Weight Scheme
      - A heuristic approach to measure and determine whether a program is suspicious and may be malware
      - Measured behavior
        - Process hiding
        - Registry modification
        - System file deletion
        - Native API hooking
        - Port binding
    - Malware detection and prevention
      - Distributed Architecture
        - Sensors
          - Host Sensor
            - Monitor activities at host level
            - Block malware
            - Consult the fingerprint database
          - Network Sensor
            - Monitor network flow
            - Record program behavior
            - Positive match
              - Fingerprint match
              - Sensitive data transmitted
        - Midpoints
          - Implement the weight scheme
          - Determine whether a program is suspicious
          - Pass the malware to the analysis center
        - Analysis Center
          - QEMU
          - Analyse the malware in an emulated environment
          - Generate the fingerprint of a malware
- Notes
  - What is?
    - Heuristic
    - Coarse-grained
    - Fine-grained
- Conclusion
  - Goal
    - Problem: dynamic analysis tools may not provide full coverage, as some malware behaviors have trigger conditions
    - Objective: introduce a malware detection system
  - Contribution
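The branch-flipping idea under the Dynamic Taint Analysis node (snapshot at a branch that depends on tainted data, rewrite the input, execute the other side) worked through in a toy Python interpreter. This is an added example, not code from the paper or from the mind map; the instruction set, the sample program with its trigger condition (input[0] == 42), the 0..255 input domain and the brute-force search that stands in for the paper's input rewriting are all constructed for this illustration.

```python
# Toy dynamic taint tracker with branch-flipping path exploration. Added
# illustration for the Dynamic Taint Analysis node, not code from the 2008
# paper; the instruction set, sample program and input domain are constructed.
# LOAD_INPUT taints a register with an input byte, SUB propagates taint, JZ
# branches on a register, SYSCALL records a behaviour. Two behaviours are only
# reachable when input[0] == 42, i.e. they sit behind a trigger condition.
PROGRAM = [
    ("LOAD_INPUT", "r0", 0),            # 0: r0 <- input[0] (tainted)
    ("CONST", "r1", 42),                # 1
    ("SUB", "r2", "r0", "r1"),          # 2: r2 <- r0 - 42 (tainted)
    ("JZ", "r2", 6),                    # 3: tainted branch
    ("SYSCALL", "open_connection"),     # 4: default path behaviour
    ("HALT",),                          # 5
    ("LOAD_INPUT", "r3", 1),            # 6: r3 <- input[1] (tainted)
    ("JZ", "r3", 10),                   # 7: nested tainted branch
    ("SYSCALL", "delete_system_file"),  # 8
    ("HALT",),                          # 9
    ("SYSCALL", "hide_process"),        # 10
    ("HALT",),                          # 11
]

class State:
    def __init__(self, inputs):
        self.inputs, self.pc, self.regs, self.taint = list(inputs), 0, {}, {}
        self.history = []    # (pc, taken) for every branch executed
        self.behaviours = []

class StopRun(Exception): pass

def execute(program, inputs, on_branch=None):
    """Run concretely, propagating taint (a set of input indices per register).
    on_branch(state, reg, taken) fires before every branch on tainted data."""
    st = State(inputs)
    while True:
        ins, op = program[st.pc], program[st.pc][0]
        if op == "LOAD_INPUT":
            st.regs[ins[1]], st.taint[ins[1]] = st.inputs[ins[2]], {ins[2]}
        elif op == "CONST":
            st.regs[ins[1]], st.taint[ins[1]] = ins[2], set()
        elif op == "SUB":
            st.regs[ins[1]] = st.regs[ins[2]] - st.regs[ins[3]]
            st.taint[ins[1]] = st.taint[ins[2]] | st.taint[ins[3]]
        elif op == "JZ":
            taken = st.regs[ins[1]] == 0
            if st.taint[ins[1]] and on_branch is not None:
                on_branch(st, ins[1], taken)
            st.history.append((st.pc, taken))
            st.pc = ins[2] if taken else st.pc + 1
            continue
        elif op == "SYSCALL":
            st.behaviours.append(ins[1])
        elif op == "HALT":
            return st
        st.pc += 1

def branch_outcome(program, inputs, history, branch_pc):
    """Re-run with rewritten inputs; return the outcome at branch_pc if the run
    follows the snapshot's branch history that far, else None."""
    found = []
    def hook(st, reg, taken):
        if st.history == history and st.pc == branch_pc:
            found.append(taken)
        if found or st.history != history[:len(st.history)]:
            raise StopRun        # answered, or diverged from the snapshot path
    try:
        execute(program, inputs, hook)
    except StopRun:
        pass
    return found[0] if found else None

def rewrite_input(program, inputs, tainted_idx, history, branch_pc, taken, domain):
    """Find an input that flips the branch at branch_pc: a bounded search over
    the tainted input positions stands in for the paper's input rewriting."""
    for idx in sorted(tainted_idx):
        for v in domain:
            if v != inputs[idx]:
                cand = list(inputs)
                cand[idx] = v
                outcome = branch_outcome(program, cand, history, branch_pc)
                if outcome is not None and outcome != taken:
                    return cand
    return None

def explore(program, inputs, domain=range(256), max_paths=16):
    """Snapshot at each tainted branch and queue a rewritten input that takes
    the other side. Returns {input tuple: behaviours seen on that path}."""
    covered, queue, results = set(), [tuple(inputs)], {}
    while queue and len(results) < max_paths:
        cur, pending = queue.pop(0), []
        def hook(st, reg, taken):
            key = (tuple(st.history), st.pc)
            covered.add(key + (taken,))
            if key + (not taken,) not in covered:      # other side unexplored
                alt = rewrite_input(program, st.inputs, st.taint[reg],
                                    list(st.history), st.pc, taken, domain)
                if alt is not None:
                    pending.append(tuple(alt))
        results[cur] = execute(program, list(cur), hook).behaviours
        queue.extend(pending)
    return results

def all_behaviours(program, inputs):
    """Sorted union of behaviours over every explored path."""
    return sorted({b for bs in explore(program, inputs).values() for b in bs})
```

A single run from the input `[0, 0]` records only `open_connection`, which is the coverage gap the Problem node describes; `explore` snapshots at the tainted branch at pc 3, finds the input `[42, 0]` that takes the other side, then does the same for the nested branch at pc 7, so all three behaviours end up on record. The brute-force search over one input byte is what keeps the example small; it is not how the paper derives the rewritten input.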