Titlebook: Research in Attacks, Intrusions, and Defenses; 19th International S Fabian Monrose,Marc Dacier,Joaquin Garcia-Alfaro Conference proceedings

Infect

A Formal Framework for Environmentally Sensitive Malwaredel is that it cannot account for the most common approach to obfuscation used by malware: the observer effect. The observer effect describes the situation in which the act of observing something changes it. Malware implements the observer effect by detecting and acting on changes in its environment

gratify

: A Tool for Massive Malware Labelingnce datasets in turn used for evaluating malware clustering and training malware classification approaches. Oftentimes, such labeling is based on labels output by antivirus engines. While AV labels are well-known to be inconsistent, there is often no other information available for labeling, thus se

Eviction

Semantics-Preserving Dissection of JavaScript Exploits via Dynamic JS-Binary Analysist statements that uniquely characterize the exploit and the payload location in the exploit. However, the current diagnosis techniques are inadequate because they approach the problem either from a JavaScript perspective and fail to account for “implicit” data flow invisible at JavaScript level, or

constellation

The Messenger Shoots Back: Network Operator Based IMSI Catcher Detectionke phone calls, SMS or data transmission unbeknown to the user. They are readily available as commercial products as well as do-it-yourself projects running open-source software, and are obtained and used by law enforcement agencies and criminals alike. Multiple countermeasures have been proposed re

Myofibrils

Ruptured-Disk

注意力集中

Indigence

Invigorate

作繭自縛

SandPrint: Fingerprinting Malware Sandboxes to Provide Intelligence for Sandbox Evasionngle sandbox. In fact, using supervised learning techniques, we show that adversaries can automatically generate a classifier that can reliably tell a sandbox and a real system apart. Finally, we show that we can use similar techniques to stealthily detect commercial malware security appliances of three popular vendors.