Pružinec et al., 2022 - Google Patents

KUBO: a framework for automated efficacy testing of anti-virus behavioral detection with procedure-based malware emulation

- Document ID
- 1967600058880825259
- Author
- Pružinec J
- Nguyen Q
- Baldwin A
- Griffin J
- Liu Y
- Publication year
- 2022
- Publication venue
- Proceedings of the 13th International Workshop on Automating Test Case Design, Selection and Evaluation
Snippet
Traditional testing of Anti-Virus (AV) products is usually performed on a curated set of malware samples. While this approach can evaluate an AV's overall performance on known threats, it fails to provide details on the coverage of exact attack techniques used by …
Classifications

- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
                - G06F21/563—Static detection by source code analysis
              - G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
            - G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            - G06F21/577—Assessing vulnerabilities and evaluating computer system security
          - G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
        - G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
          - G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
            - G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
        - G06F21/60—Protecting data
          - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
            - G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
        - G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
          - G06F21/12—Protecting executable software
      - G06F9/00—Arrangements for programme control, e.g. control unit
        - G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
          - G06F9/44—Arrangements for executing specific programmes
            - G06F9/455—Emulation; Software simulation, i.e. virtualisation or emulation of application or operating system execution engines
            - G06F9/445—Programme loading or initiating
      - G06F11/00—Error detection; Error correction; Monitoring
        - G06F11/36—Preventing errors by testing or debugging software
          - G06F11/3668—Software testing
      - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
          - G06F2221/2123—Dummy operation
Similar Documents

| Publication | Title |
|---|---|
| Or-Meir et al. | Dynamic malware analysis in the modern era—A state of the art survey |
| US10567432B2 (en) | Systems and methods for incubating malware in a virtual organization |
| Bläsing et al. | An android application sandbox system for suspicious software detection |
| US10084817B2 (en) | Malware and exploit campaign detection system and method |
| Talukder | Tools and techniques for malware detection and analysis |
| Alazab et al. | Analysis of malicious and benign android applications |
| Biondi et al. | Tutorial: An overview of malware detection and evasion techniques |
| Malin et al. | Malware forensics field guide for Windows Systems: Digital forensics field guides |
| Druffel et al. | Davinci: Android app analysis beyond frida via dynamic system call instrumentation |
| Zheng et al. | Towards robust detection of open source software supply chain poisoning attacks in industry environments |
| Orbinato et al. | Laccolith: Hypervisor-based adversary emulation with anti-detection |
| De Pasquale et al. | ChainReactor: Automated Privilege Escalation Chain Discovery via AI Planning |
| Masid et al. | Application of the SAMA methodology to Ryuk malware |
| Yin et al. | Automatic malware analysis: an emulator based approach |
| Pružinec et al. | KUBO: a framework for automated efficacy testing of anti-virus behavioral detection with procedure-based malware emulation |
| Aminuddin et al. | Android trojan detection based on dynamic analysis |
| Rahal et al. | Dataset of APT Persistence Techniques on Windows Platforms Mapped to the MITRE ATT&CK Framework |
| Webb | Evaluating tool based automated malware analysis through persistence mechanism detection |
| Spreitzenbarth | Dissecting the Droid: Forensic analysis of android and its malicious applications |
| Mogicato et al. | Design and implementation of a collaborative, lightweight malware analysis sandbox using container virtualization |
| Alachkar et al. | EvilEDR: Repurposing EDR as an Offensive Tool |
| Ostler | Defensive cyber battle damage assessment through attack methodology modeling |
| Maggio | Improving Memory Forensics Through Emulation and Program Analysis |
| Balci et al. | Malware Reverse Engineering Handbook |
| Franzen | The Configurability of the Linux Kernel and the Implications on Security |