Advanced or Not? A Comparative Study of the Use of Anti-debugging and Anti-VM Techniques in Generic and Targeted Malware

Abstract: Malware is becoming more and more advanced. As part of this sophistication, malware typically deploys various anti-debugging and anti-VM techniques to evade analysis and detection. While defenders use debuggers and virtualized environments to analyze malware, malware authors have developed anti-debugging and anti-VM techniques to evade this defensive approach. In this paper, we investigate the use of anti-debugging and anti-VM techniques in modern malware, and compare their presence in 16,246 generic and 1,037 targeted malware samples (APTs). As part of this study we found several counter-intuitive trends. In particular, our study concludes that targeted malware does not use more anti-debugging and anti-VM techniques than generic malware, although targeted malware tends to have a lower antivirus detection rate. Moreover, this paper even identifies a decrease over time in the number of anti-VM techniques used in APTs and in the Winwebsec malware family.
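As an added illustration, not code from the paper or from the HAL record, the following C program implements Linux/x86 analogues of the two technique classes the abstract names: an anti-debugging check that reads the TracerPid field of /proc/self/status (non-zero when a ptrace-based debugger such as gdb is attached), and anti-VM checks that read the CPUID hypervisor-present bit and the hypervisor vendor string. The function names, the procfs/x86 assumptions and the constructed status text used for testing are mine; the paper's own measurement method and the Windows-specific checks that real samples use (PEB BeingDebugged, IsDebuggerPresent and similar) are not reproduced here, although they follow the same pattern of querying the environment and branching on the answer.

```c
/*
 * Added example (not the paper's code): Linux/x86 versions of the two
 * technique classes named in the abstract.
 *  - anti-debugging: TracerPid in /proc/self/status (0 = untraced)
 *  - anti-VM: CPUID leaf 1, ECX bit 31 ("hypervisor present") and the
 *    vendor string returned by leaf 0x40000000
 * Assumes Linux with procfs; the CPUID checks compile to a "not available"
 * result (-1 / 0) on non-x86 targets.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Parse the TracerPid field out of /proc/self/status-style text.
 * Returns the tracer's PID, 0 if untraced, or -1 if the field is absent. */
int parse_tracer_pid(const char *status_text)
{
    const char *p = status_text;
    while (p && *p) {
        if (strncmp(p, "TracerPid:", 10) == 0)
            return (int)strtol(p + 10, NULL, 10);   /* strtol skips the tab */
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Live anti-debugging check: 1 if a ptrace-based debugger is attached,
 * 0 if not, -1 if /proc/self/status cannot be read. */
int debugger_attached(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    int pid = parse_tracer_pid(buf);
    if (pid < 0) return -1;
    return pid > 0 ? 1 : 0;
}

/* Anti-VM check: CPUID leaf 1, ECX bit 31. 1 = hypervisor present,
 * 0 = clear, -1 = check not available on this architecture. */
int hypervisor_present(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) return -1;
    return (int)((ecx >> 31) & 1u);
#else
    return -1;
#endif
}

/* Anti-VM check: hypervisor vendor string from leaf 0x40000000, e.g.
 * "VMwareVMware", "KVMKVMKVM" or "Microsoft Hv". Writes up to 12 chars
 * plus NUL into out; returns 1 if a string was read, 0 otherwise. */
int hypervisor_vendor(char out[13])
{
    out[0] = '\0';
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (hypervisor_present() != 1) return 0;
    /* __get_cpuid() rejects leaves above the basic maximum, so use the
     * raw macro; the hypervisor bit above tells us the leaf is valid. */
    __cpuid(0x40000000, eax, ebx, ecx, edx);
    memcpy(out, &ebx, 4);
    memcpy(out + 4, &ecx, 4);
    memcpy(out + 8, &edx, 4);
    out[12] = '\0';
    return 1;
#else
    return 0;
#endif
}

int main(void)
{
    char vendor[13];
    printf("debugger attached : %d\n", debugger_attached());
    printf("hypervisor bit    : %d\n", hypervisor_present());
    if (hypervisor_vendor(vendor))
        printf("hypervisor vendor : %s\n", vendor);
    return 0;
}
```

Run it once natively and once under gdb (or inside a VM) to see each check flip; a sample that branches on these results is exactly what a sandbox has to hide from, which is why evasion counts such as those in the paper are measured against the analysis environment rather than the sample alone.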
Document type: Conference paper
Jaap-Henk Hoepman; Stefan Katzenbeisser (eds.). 31st IFIP International Information Security and Privacy Conference (SEC), May 2016, Ghent, Belgium. IFIP Advances in Information and Communication Technology, AICT-471, pp. 323-336, 2016, ICT Systems Security and Privacy Protection. DOI: 10.1007/978-3-319-33630-5_22

Cited literature: 15 references

https://hal.inria.fr/hal-01369566
Contributor: Hal Ifip
Submitted on: Wednesday 21 September 2016 - 10:58:17
Last modified on: Wednesday 21 September 2016 - 11:16:40
Long-term archiving on: Thursday 22 December 2016 - 12:53:06

File

Restricted access
File visible on: 2019-01-01


License

Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Ping Chen, Christophe Huygens, Lieven Desmet, Wouter Joosen. Advanced or Not? A Comparative Study of the Use of Anti-debugging and Anti-VM Techniques in Generic and Targeted Malware. In: Jaap-Henk Hoepman; Stefan Katzenbeisser (eds.). 31st IFIP International Information Security and Privacy Conference (SEC), May 2016, Ghent, Belgium. IFIP Advances in Information and Communication Technology, AICT-471, pp. 323-336, 2016, ICT Systems Security and Privacy Protection. DOI: 10.1007/978-3-319-33630-5_22. HAL: hal-01369566

