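@comment{Workshop paper from PPREW 2014 on an information-flow-based view of
anti-analysis defenses (self-checksumming, timing-based emulator detection).
The citation key looks like an export-generated identifier and is kept
unchanged so existing citations still resolve. No page range is recorded in
this record; add a pages field once verified against the DOI landing page.}
@inproceedings{ec73af6aa2c54a7a863970e687d1bb38,
  author    = {Qiu, Jing and Yadegari, Babak and Johannesmeyer, Brian and Debray, Saumya and Su, Xiaohong},
  title     = {A framework for understanding dynamic anti-analysis defenses},
  booktitle = {Proceedings of the 4th Program Protection and Reverse Engineering Workshop, {PPREW} 2014},
  series    = {{ACM} International Conference Proceeding Series},
  publisher = {Association for Computing Machinery},
  year      = {2014},
  month     = dec,
  day       = {9},
  doi       = {10.1145/2689702.2689704},
  language  = {English (US)},
  keywords  = {Anti-analysis defense, Self-checksumming, Taint analysis, Timing defense},
  abstract  = {Malicious code often use a variety of anti-analysis and anti-tampering defenses to hinder analysis. Researchers trying to understand the internal logic of the malware have to penetrate these defenses. Existing research on such anti-analysis defenses tend to study them in isolation, thereby failing to see underlying conceptual similarities between different kinds of anti-analysis defenses. This paper proposes an information-flow-based framework that encompasses a wide variety of anti-analysis defenses. We illustrate the utility of our approach using two different instances of this framework: self-checksumming-based anti-tampering defenses and timing-based emulator detection. Our approach can provide insights into the underlying structure of various anti-analysis defenses and thereby help devise techniques for neutralizing them.},
  note      = {Publisher Copyright: Copyright 2014 ACM.; 4th Program Protection and Reverse Engineering Workshop, PPREW 2014 ; Conference date: 09-12-2014},
}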