Logo des Repositoriums
 

Fighting Evasive Malware: How to Pass the Reverse Turing Test By Utilizing a VMI-Based Human Interaction Simulator

dc.contributor.authorGruber, Jan
dc.contributor.authorFreiling, Felix C.
dc.contributor.editorChristian Wressnegger, Delphine Reinhardt
dc.date.accessioned2023-01-24T11:17:52Z
dc.date.available2023-01-24T11:17:52Z
dc.date.issued2022
dc.description.abstractSandboxes are an indispensable tool in dynamic malware analysis today. However, modern malware often employs sandbox-detection methods to exhibit non-malicious behavior within sandboxes and therefore evade automatic analysis. One category of sandbox-detection techniques are reverse Turing tests (RTTs) to determine the presence of a human operator. In order to pass these RTTs, we propose a novel approach which builds upon virtual machine introspection (VMI) to automatically reconstruct the graphical user interface, determine clickable buttons and inject human interface device events via direct control of virtualized human interface devices in a stealthy way. We extend the VMI-based open-source sandbox DRAKVUF with our approach and show that it successfully passes RTTs commonly employed by malware in the wild to detect sandboxesen
dc.identifier.doi10.18420/sicherheit2022_03
dc.identifier.isbn978-3-88579-717-3
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/40145
dc.language.isoen
dc.publisherGesellschaft für Informatik, Bonn
dc.relation.ispartofGI SICHERHEIT 2022
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-323
dc.subjectMalware Analysis
dc.subjectSandboxing
dc.subjectVirtual Machine Introspection
dc.subjectReverse Turing Test
dc.titleFighting Evasive Malware: How to Pass the Reverse Turing Test By Utilizing a VMI-Based Human Interaction Simulatoren
dc.title.subtitleHow to Pass the Reverse Turing Test By Utilizing a VMI-Based Human Interaction Simulatoren
gi.citation.endPage64
gi.citation.startPage49
gi.conference.date5.-8. April 2022
gi.conference.locationKarlsruhe
gi.conference.sessiontitleSession 1

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
B1-3.pdf
Größe:
388.38 KB
Format:
Adobe Portable Document Format