Introduction

Abstract

AbstractMalicious software (i.e., malware) has become a severe threat to interconnected computer systems for decades and has caused billions of dollars damages each year. A large volume of new malware samples are discovered daily. Even worse, malware is rapidly evolving to be more sophisticated and evasive to strike against current malware analysis and defense systems. The work described in this book takes a root-cause oriented approach to the problem of automatic malware analysis. In this approach, we aim to capture the intrinsic natures of malicious behaviors, rather than the external symptoms of existing attacks. We propose a new architecture for binary code analysis, which is called whole-system out-of-the-box fine-grained dynamic binary analysis, to address the common challenges in malware detection and analysis. To realize this architecture, we build a unified and extensible analysis platform, code-named TEMU. We propose a core technique for fine-grained dynamic binary analysis, called layered annotative execution, and implement this technique in TEMU. Then on the basis of TEMU, we have proposed and built a series of novel techniques for automatic malware detection and analysis. We have developed Renovo, Panorama, HookFinder, and MineSweeper, for detecting and analyzing various aspects of malware. These techniques capture intrinsic characteristics of malware and thus are well suited for dealing with new malware samples and attack mechanisms.KeywordsAutomated Malware AnalysisMalware DetectionInterconnected Computer SystemsMalware SamplesDynamic Binary AnalysisThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.