Introduction Contributions Moving Forward Current Research Future Challenges Conclusions
Among Viruses, Trojans, and Backdoors
Fighting Malware in 2022
Marcus Botacin
mfbotacin@inf.ufpr.br
mfbotacin@gmail.com
marcusbotacin.github.io
Among Viruses, Trojans, and Backdoors 1 / 47 UFMG
Who Am I?
PhD in Computer Science (2021) - Federal University of Paraná (UFPR), Brazil
  Thesis: “On the Malware Detection Problem: Challenges and New Approaches”
MSc in Computer Science (2017) - University of Campinas (UNICAMP), Brazil
  Dissertation: “Hardware-Assisted Malware Analysis”
Computer Engineer (2015) - University of Campinas (UNICAMP), Brazil
  Final Project: “Malware detection via syscall patterns identification”
Malware Detection: How have we been doing?
How have we been doing? (Malware Specifics)
The good side
Figure: Source: https://apnews.com/article/europe-malware-netherlands-coronavirus-pandemic-7de5f74120a968bd0a5bee3c57899fed
The bad side
Figure: Source: https://thehackernews.com/2021/06/droidmorph-shows-popular-android.html
Malware Detection: What have we been doing?
The State-of-the-art in Malware Detection & Prevention
Steps:
1. Collection
2. Triage
3. Sandbox Analysis
4. Threat Intelligence
5. Endpoint Protection
Where each step runs:
Collection: distributed processing.
Analysis and intelligence steps: cloud processing.
Endpoint: limited processing.
Collection
How to find new malware samples?
Searching “dark web” forums.
Crawling software repositories.
Leveraging honeypots.
Checking spam traps.
Downloading malware repositories.
Scraping blocklists.
The result
Figure: Source: https://www.forbes.com/sites/thomasbrewster/2021/09/29/google-play-warning-200-android-apps-stole-millions-from-10-million-phones/
Triage
Why so many new malware samples?
Variations from the same source code.
Implications
Increased processing costs and response time.
How to solve this problem?
Identify and cluster similar samples.
The Statistics
Figure: Source: https://www.kaspersky.com/about/press-releases/2020_the-number-of-new-malicious-files-detected-every-day-increases-by-52-to-360000-in-2020
Sandbox Analysis
Goal: Uncover hidden behaviors.
Method: Trace sample execution.
Challenge: Handle evasion attempts.
Solution 1
Figure: https://blog.virustotal.com/2019/05/virustotal-multisandbox-yoroi-yomi.html
Solution 2
Figure: https://blog.virustotal.com/2019/07/virustotal-multisandbox-sndbox.html
Threat Intelligence
Goal: Identify trends and predict attacks.
How? Data analytics over analyzed samples.
Challenge: Looking at a representative dataset.
What we should be looking at:
Figure: Source: https://www.computerweekly.com/news/252504676/Ransomware-attacks-increase-dramatically-during-2021
Endpoint Protection
Goal: Protect customers on their own machines.
How? Moving the viable analyses to the endpoint.
Challenges: Performance and usability constraints.
Is there a “best”?
Figure: Source: https://www.av-test.org/en/antivirus/home-windows/
Sandboxing: Enhancing Malware Tracing
Publication
Figure: Link: https://link.springer.com/article/10.1007/s11416-017-0292-8
Software-based Sandbox
Figure: System Architecture. Analysis VMs.
Publication
Figure: Link: https://dl.acm.org/doi/10.1145/3152162
Hardware-based Sandbox
Monitoring Steps
1. Software executes a branch.
2. Processor stores the branch address in a memory page.
3. Processor raises an interrupt.
4. Kernel handles the interrupt.
5. Kernel sends the data to userland.
6. Userland introspects this data.
Figure: System Architecture.
Key Insight: Branches define basic blocks
Figure: Identified branches and basic blocks.
Figure: CFG Reconstruction.
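The reconstruction sketched by the two figures above, as an added example that is not code from the talk or the BranchMonitoring project: the trace, addresses and program layout are constructed, and the two-pass replay over the leader list is my own implementation of the "branches define basic blocks" idea.

```python
"""Rebuild basic blocks and a control-flow graph from a hardware branch trace.

A branch-recording feature like the one in the slides yields only
(branch_address, target_address) pairs for *taken* branches. Two facts drive
the reconstruction:
  * every branch target is a block leader, so the full leader list is known
    only after the trace has been read (hence the offline two-pass approach);
  * a conditional branch that was not taken leaves no record, so one block can
    be observed ending at different branch addresses (block 0x1015 below).
Addresses and layout are hypothetical.
"""
from bisect import bisect_right
from collections import Counter

ENTRY = 0x1000  # entry point of the traced (hypothetical) program

# Constructed trace, in execution order: (address of the taken branch, target).
TRACE = [
    (0x1010, 0x2000),  # iteration 1: call helper at 0x2000
    (0x2008, 0x1015),  # ret
    (0x1020, 0x1000),  # loop back-edge taken
    (0x1010, 0x2000),  # iteration 2: call helper again
    (0x2004, 0x2010),  # conditional jump inside the helper, taken this time
    (0x2010, 0x2008),  # jump to the shared ret (splits the helper's block)
    (0x2008, 0x1015),  # ret
    (0x1020, 0x1000),  # loop back-edge taken
    (0x1008, 0x1015),  # iteration 3: skip the call
    (0x1024, 0x3000),  # back-edge at 0x1020 NOT taken; fall into the exit jump
]


def leaders_from_trace(entry, trace):
    """Pass 1: block leaders are the entry point plus every branch target."""
    return sorted({entry} | {target for _, target in trace})


def reconstruct_cfg(entry, trace):
    """Pass 2: replay the trace over the leader list.

    Returns the leaders, edge execution counts (from_leader, to_leader) -> n,
    and, per block, the furthest taken-branch address observed in it (None if
    the block was never left through a recorded branch).
    """
    leaders = leaders_from_trace(entry, trace)
    edges = Counter()
    last_branch = {leader: None for leader in leaders}
    cur = entry  # leader of the block execution is currently in
    for branch_addr, target in trace:
        if branch_addr < cur:
            # A taken branch recorded before the current leader means records
            # were lost (e.g. a full buffer); the CFG would be wrong, so stop.
            raise ValueError(f"trace gap: branch {branch_addr:#x} before block {cur:#x}")
        # Every leader inside the executed span (cur, branch_addr] is a
        # fall-through boundary: execution entered that block without a jump.
        i = bisect_right(leaders, cur)
        while i < len(leaders) and leaders[i] <= branch_addr:
            edges[(cur, leaders[i])] += 1
            cur = leaders[i]
            i += 1
        # The recorded taken branch leaves the current block.
        edges[(cur, target)] += 1
        if last_branch[cur] is None or branch_addr > last_branch[cur]:
            last_branch[cur] = branch_addr
        cur = target
    return {"leaders": leaders, "edges": dict(edges), "last_branch": last_branch}


def cfg_to_dot(cfg):
    """Graphviz rendering with execution counts as edge labels."""
    lines = ["digraph cfg {"]
    for leader in cfg["leaders"]:
        end = cfg["last_branch"][leader]
        label = f"{leader:#x}" + (f"..{end:#x}" if end is not None else " (open)")
        lines.append(f'  "{leader:#x}" [label="{label}"];')
    for (src, dst), n in sorted(cfg["edges"].items()):
        lines.append(f'  "{src:#x}" -> "{dst:#x}" [label="{n}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(cfg_to_dot(reconstruct_cfg(ENTRY, TRACE)))
```

The helper's block 0x2000 is split at 0x2008 only because a later record jumps there, which is why leaders must be collected before the replay.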
Threat Intelligence: From Tracing to Threat Intelligence
Publications
Figure: Link: https://dl.acm.org/doi/10.1145/3429741
Figure: Link: https://dl.acm.org/doi/10.1145/3339252.3340103
Brazilian Financial Malware on Desktop
Figure: Passive Banker Malware for Santander bank waiting for the user’s credential input.
Figure: Passive Banker Malware for Itaú bank waiting for the user’s credential input.
Brazilian Financial Malware on Mobile
Figure: BB’s WhatsApp chatbot.
Figure: Bradesco’s WhatsApp chatbot.
More about Brazilian Malware
Figure: Link: https://www.usenix.org/conference/enigma2021/presentation/botacin
Endpoint Protection: From Threat Intelligence to Endpoint Protection
Publication
Figure: Link: https://www.sciencedirect.com/science/article/pii/S0167404821003242
Drawback: Real-time monitoring performance penalty
Figure: AV Monitoring Performance. Plot of execution time (s), 0 to 250, per benchmark (Perl, Xalanc, Gobmk, H264, Namd, Mcf); series: Filter AV, SSDT AV, No AV.
Figure: In-memory AV scans worst-case and best-case performance penalties. Plot of execution time (s), 0 to 300, per benchmark (perl, namd, Bzip, milc, mfc); series: Scan, Baseline.
Publication
Figure: Link: https://ieeexplore.ieee.org/document/9034972
SMC-Aware Processor
Figure: Sample Profiling.
Figure: System Overview.
Publication
Figure: Link: https://link.springer.com/article/10.1007/s11416-020-00348-w
SMC-Aware Processor
Figure: Modified Cache.
Figure: Modified MMU.
Publication
Figure: Link: https://www.sciencedirect.com/science/article/abs/pii/S0957417422004882
A first idea: Hardware features as signatures
Figure: Two-level branch predictor. A sequence window of taken (1) and not-taken (0) branches is stored in the Global History Register (GHR).
Figure: Branch patterns coverage. Plot of the percentage of signature collision in the k-bit space (0 to 100) versus branch-pattern length (8, 16, 24, 32, 40 bits); series: Patterns.
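An added example, not code from the talk, that measures the idea behind the collision plot: how often a k-bit GHR pattern from one sample also occurs in another, and which patterns are left as candidate signatures. The traces, sample names and the collision metric (share of distinct patterns seen in two or more samples) are my assumptions.

```python
"""How discriminative are k-bit branch-history patterns as signatures?

A two-level branch predictor keeps the last k taken(1)/not-taken(0) outcomes
in the Global History Register (GHR). For GHR contents to serve as a sample
signature, a pattern must be rare in other programs. The collision metric
used here is an assumption: the share of distinct k-bit patterns, over all
samples, that occur in more than one sample. All traces are constructed.
"""
from collections import Counter
import random


def ghr_windows(outcomes, k):
    """Set of k-bit GHR values seen while executing a branch-outcome trace.

    outcomes: str of '1' (taken) / '0' (not taken) in execution order.
    """
    if k <= 0 or k > len(outcomes):
        raise ValueError("pattern length must be in 1..len(outcomes)")
    return {int(outcomes[i:i + k], 2) for i in range(len(outcomes) - k + 1)}


def collision_rate(traces, k):
    """Percentage of distinct k-bit patterns present in two or more samples."""
    owners = Counter()  # pattern -> number of samples it occurs in
    for trace in traces.values():
        for pattern in ghr_windows(trace, k):
            owners[pattern] += 1
    shared = sum(1 for n in owners.values() if n > 1)
    return 100.0 * shared / len(owners)


def collision_curve(traces, lengths=(8, 16, 24, 32, 40)):
    """Collision rate for each pattern length shown on the slide's x-axis."""
    return {k: collision_rate(traces, k) for k in lengths}


def unique_patterns(traces, name, k):
    """Patterns occurring only in sample `name`: candidate signatures for it."""
    others = set()
    for other, trace in traces.items():
        if other != name:
            others |= ghr_windows(trace, k)
    return ghr_windows(traces[name], k) - others


def synthetic_trace(seed, length, taken_bias):
    """Constructed branch-outcome trace: Bernoulli outcomes with a fixed bias."""
    rng = random.Random(seed)
    return "".join("1" if rng.random() < taken_bias else "0" for _ in range(length))


# Four constructed "samples" with different taken-branch biases.
SAMPLES = {
    "sample_a": synthetic_trace(1, 4000, 0.70),
    "sample_b": synthetic_trace(2, 4000, 0.75),
    "sample_c": synthetic_trace(3, 4000, 0.65),
    "sample_d": synthetic_trace(4, 4000, 0.80),
}


if __name__ == "__main__":
    for k, rate in collision_curve(SAMPLES).items():
        print(f"k={k:2d} bits: {rate:5.1f}% of patterns collide")
    print(f"unique 40-bit patterns for sample_a: {len(unique_patterns(SAMPLES, 'sample_a', 40))}")
```

Short windows collide almost always and long windows almost never, which is the trade-off the slide's plot makes visible: a longer k buys uniqueness at the cost of a larger signature space.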
Solutions Availability
Code: The BranchMonitoring Project
Figure: Link: https://github.com/marcusbotacin/BranchMonitoringProject
Service: Corvus Platform
Figure: Link: corvus.inf.ufpr.br
Figure: Corvus’ Threat Intelligence.
Current Research: Malware Decompilation
Publication
Figure: Link: https://dl.acm.org/doi/10.1145/3375894.3375895
Decompilation Execution Example 1
Data Extraction: Debugging with GDB.
Decompilation: Lifting with Python.
Recompilation: Using GCC.
Publication
Figure: Link: https://arxiv.org/abs/2109.06127
Decompilation Execution Example 1
Figure: Malware Source-Code.
Figure: Generated Patch.
Machine Learning: The Latest Trend
Malware Evasion Competition
Figure: Source: mlsec.io
Figure: Source: https://www.microsoft.com/security/blog/2021/07/29/attack-ai-systems-in-machine-learning-evasion-competition/
Adversarial Machine Learning
Figure: Source: https://github.com/marcusbotacin/Talks/tree/master/Waikato
Adversarial Malware
Figure: Dropper Strategy.
Figure: Data Appendix Result.
Challenge Results
Figure: Defenders Challenge.
Figure: Attackers Challenge.
What’s Next?
Recap & Remarks
Thanks! Questions? Comments?
@MarcusBotacin
mfbotacin@inf.ufpr.br
mfbotacin@gmail.com
marcusbotacin.github.io
corvus.inf.ufpr.br

Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

Among Viruses, Trojans, and Backdoors: Fighting Malware in 2022 (slide transcript)

  • 1. [Section navigation: Introduction, Contributions, Moving Forward, Current Research, Future Challenges, Conclusions] Among Viruses, Trojans, and Backdoors: Fighting Malware in 2022. Marcus Botacin, mfbotacin@inf.ufpr.br, mfbotacin@gmail.com, marcusbotacin.github.io. [Footer: Among Viruses, Trojans, and Backdoors 1 / 47 UFMG]
  • 2. Who Am I? PhD in Computer Science (2021), Federal University of Paraná (UFPR), Brazil. Thesis: “On the Malware Detection Problem: Challenges and new Approaches”. MSc in Computer Science (2017), University of Campinas (UNICAMP), Brazil. Dissertation: “Hardware-Assisted Malware Analysis”. Computer Engineer (2015), University of Campinas (UNICAMP), Brazil. Final Project: “Malware detection via syscall patterns identification”.
  • 3. Malware Detection: How have we been doing?
  • 4. Malware Detection: How have we been doing? (Malware Specifics). The good side. Figure, source: https://apnews.com/article/europe-malware-netherlands-coronavirus-pandemic-7de5f74120a968bd0a5bee3c57899fed. The bad side. Figure, source: https://thehackernews.com/2021/06/droidmorph-shows-popular-android.html
  • 5. Malware Detection: What have we been doing?
  • 6. Malware Detection: The State-of-the-art in Malware Detection & Prevention. Steps: 1 Collection. 2 Triage. 3 Sandbox Analysis. 4 Threat Intelligence. 5 Endpoint Protection. Pipeline figure: Collection (Distributed Processing); Analysis and Intelligence steps (Cloud Processing); Endpoint (Limited Processing).
  • 7. Malware Detection: Collection. How to find new malware samples? Searching “dark web” forums. Crawling software repositories. Leveraging honeypots. Checking spam traps. Downloading malware repositories. Scraping blocklists. The result: Figure, source: https://www.forbes.com/sites/thomasbrewster/2021/09/29/google-play-warning-200-android-apps-stole-millions-from-10-million-phones/
  • 8. Malware Detection: Triage. Why so many new malware samples? Variations from the same source code. Implications: increased processing costs and response time. How to solve this problem? Identify and cluster similar samples. The statistics: Figure, source: https://www.kaspersky.com/about/press-releases/2020_the-number-of-new-malicious-files-detected-every-day-increases-by-52-to-360000-in-2020
  • 9. Malware Detection: Sandbox Analysis. Goals: uncover hidden behaviors. Method: trace sample execution. Challenge: handle evasion attempts. Solution 1: Figure, https://blog.virustotal.com/2019/05/virustotal-multisandbox-yoroi-yomi.html. Solution 2: Figure, https://blog.virustotal.com/2019/07/virustotal-multisandbox-sndbox.html
  • 10. Malware Detection: Threat Intelligence. Goal: identify trends and predict attacks. How? Data analytics over analyzed samples. Challenges: look at a representative dataset. We should look at: Figure, source: https://www.computerweekly.com/news/252504676/Ransomware-attacks-increase-dramatically-during-2021
  • 11. Malware Detection: Endpoint Protection. Goal: protect customers in their machines. How? Moving the viable analyses to the endpoint. Challenges: performance and usability constraints. Is there a “best”? Figure, source: https://www.av-test.org/en/antivirus/home-windows/
  • 12. Sandboxing: Enhancing Malware Tracing.
  • 13. Sandboxing: Publication. Figure, link: https://link.springer.com/article/10.1007/s11416-017-0292-8
  • 14. Sandboxing: Software-based Sandbox. Figure: System Architecture. Analysis VMs.
  • 15. Sandboxing: Publication. Figure, link: https://dl.acm.org/doi/10.1145/3152162
  • 16. Sandboxing: Hardware-based Sandbox. Monitoring steps: 1 Software executes a branch. 2 Processor stores branch address in memory page. 3 Processor raises an interrupt. 4 Kernel handles interrupt. 5 Kernel sends data to userland. 6 Userland introspects into this data. Figure: System Architecture.
  • 17. Sandboxing: Key Insight: Branches define basic blocks. Figure: Identified branches and basic blocks. Figure: CFG Reconstruction.
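The monitoring steps of slide 16 and the key insight of slide 17, carried through as an added example (not code from the slides or the BranchMonitoring project): the userland side reconstructs basic blocks and a CFG from a constructed (source, target) branch trace, and handles the case where a later branch lands in the middle of a block already seen. It assumes every control transfer, including conditional fall-throughs, is in the trace.

```python
"""Dynamic CFG reconstruction from a hardware branch trace (added example).

Assumption: the trace reaching userland is a list of (source, target)
address pairs, one per executed control transfer, fall-throughs included.
A facility that logs only taken branches would also need instruction
lengths to close blocks; that case is not handled here.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Block:
    start: int
    end: Optional[int] = None                    # address of the branch ending the block
    succ: Set[int] = field(default_factory=set)  # start addresses of successor blocks
    falls_through: bool = False                  # block was split; it simply runs into succ


def reconstruct_cfg(trace: List[Tuple[int, int]], entry: int) -> Dict[int, Block]:
    """Every recorded branch closes the block opened by the previous target."""
    blocks: Dict[int, Block] = {}
    cur = entry                                  # block currently executing
    for src, tgt in trace:
        blk = blocks.setdefault(cur, Block(cur))
        if blk.end is None:
            blk.end = src
        elif blk.end != src:
            # Same start, different first branch: the code changed underneath the
            # tracer (self-modifying code) or the trace is corrupt. Refuse to guess.
            raise ValueError(f"block {cur:#x} ends at {blk.end:#x} and at {src:#x}")
        blk.succ.add(tgt)
        cur = tgt
    blocks.setdefault(cur, Block(cur))           # open block where the trace stopped

    # Second pass: a later branch may have landed inside an earlier block. Split it:
    # the first half now falls through into the new leader, and the terminating
    # branch (with its targets) belongs to the second half. Splits cascade because
    # starts are visited in ascending order.
    for start in sorted(blocks):
        blk = blocks[start]
        if blk.end is None:
            continue
        inner = [t for t in sorted(blocks) if start < t <= blk.end]
        if inner:
            leader = inner[0]
            blocks[leader].succ |= blk.succ
            blocks[leader].end = blk.end
            blk.succ = {leader}
            blk.end = None
            blk.falls_through = True
    return blocks


def to_dot(blocks: Dict[int, Block]) -> str:
    """Render the CFG in Graphviz DOT; dashed edges are fall-throughs."""
    lines = ["digraph cfg {"]
    for b in sorted(blocks.values(), key=lambda b: b.start):
        label = f"{b.start:#x}" + (f"..{b.end:#x}" if b.end is not None else "")
        lines.append(f'  n{b.start:x} [label="{label}"];')
        style = " [style=dashed]" if b.falls_through else ""
        for s in sorted(b.succ):
            lines.append(f"  n{b.start:x} -> n{s:x}{style};")
    lines.append("}")
    return "\n".join(lines)


ENTRY = 0x1000
SAMPLE_TRACE = [        # constructed trace, not captured from a real sample
    (0x1010, 0x1020),   # block at 0x1000 ends with a branch at 0x1010 -> 0x1020
    (0x1030, 0x1008),   # 0x1020..0x1030 jumps back into the middle of the first block
    (0x1010, 0x1020),   # execution from 0x1008 reaches the same branch at 0x1010
    (0x1030, 0x1040),   # loop exit
]

if __name__ == "__main__":
    print(to_dot(reconstruct_cfg(SAMPLE_TRACE, ENTRY)))
```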
  • 18. Threat Intelligence: From Tracing to Threat Intelligence.
  • 19. Threat Intelligence: Publications. Figure, link: https://dl.acm.org/doi/10.1145/3429741. Figure, link: https://dl.acm.org/doi/10.1145/3339252.3340103
  • 20. Threat Intelligence: Brazilian Financial Malware on Desktop. Figure: Passive banker malware for Santander bank waiting for the user’s credential input. Figure: Passive banker malware for Itaú bank waiting for the user’s credential input.
  • 21. Threat Intelligence: Brazilian Financial Malware on Mobile. Figure: BB’s WhatsApp chatbot. Figure: Bradesco’s WhatsApp chatbot.
  • 22. Threat Intelligence: More about Brazilian Malware. Figure, link: https://www.usenix.org/conference/enigma2021/presentation/botacin
  • 23. Endpoint Protection: From Threat Intelligence to Endpoint Protection.
  • 24. Endpoint Protection: Publication. Figure, link: https://www.sciencedirect.com/science/article/pii/S0167404821003242
  • 25. Endpoint Protection: Drawback: Real-time monitoring performance penalty. Figure: AV Monitoring Performance (y axis: Time (s); x axis: Benchmark (Perl, Xalanc, Gobmk, H264, Namd, Mcf); series: Filter AV, SSDT AV, No AV). Figure: In-memory AV scans worst-case and best-case performance penalties (y axis: Execution Time (s); x axis: Benchmark (perl, namd, Bzip, milc, mfc); series: Scan, Baseline).
  • 26. Endpoint Protection: Publication. Figure, link: https://ieeexplore.ieee.org/document/9034972
  • 27. Endpoint Protection: SMC-Aware Processor. Figure: Sample Profiling. Figure: System Overview.
  • 28. Endpoint Protection: Publication. Figure, link: https://link.springer.com/article/10.1007/s11416-020-00348-w
  • 29. Endpoint Protection: SMC-Aware Processor. Figure: Modified Cache. Figure: Modified MMU.
  • 30. Endpoint Protection: Publication. Figure, link: https://www.sciencedirect.com/science/article/abs/pii/S0957417422004882
  • 31. Endpoint Protection: A first idea: Hardware features as signatures. Figure: Two-level branch predictor. A sequence window of taken (1) and not-taken (0) branches is stored in the Global History Register (GHR). Figure: Branch patterns coverage (percentage of signature collision per branch-pattern length, in bits; y axis: percentage of signature collision in the k-bit space; x axis: branch pattern length k in bits, 8 to 40).
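The signature idea of slide 31, as an added example that is not the slides' or the paper's code: derive the k-bit GHR contents a sample produces from its taken/not-taken outcome sequence, then measure how often patterns of different samples collide as k grows, which is what the coverage plot reports. The outcome sequences are constructed, not traced from real binaries.

```python
"""Branch-outcome patterns (GHR contents) as sample signatures (added example)."""
from collections import Counter
from typing import Dict, Iterable, Sequence, Set


def ghr_patterns(outcomes: Sequence[int], k: int) -> Set[int]:
    """Every k-bit GHR value a sample produces (oldest outcome in the MSB)."""
    mask = (1 << k) - 1
    ghr, seen = 0, set()
    for i, taken in enumerate(outcomes):
        ghr = ((ghr << 1) | (taken & 1)) & mask   # shift the newest outcome in
        if i >= k - 1:                            # register fully populated
            seen.add(ghr)
    return seen


def collision_rate(samples: Dict[str, Sequence[int]], k: int) -> float:
    """Fraction of distinct k-bit patterns that occur in more than one sample.
    A pattern shared by several samples cannot serve as a signature for any of them."""
    counts = Counter(p for seq in samples.values() for p in ghr_patterns(seq, k))
    if not counts:                                # k longer than every sequence
        return 0.0
    return sum(1 for c in counts.values() if c > 1) / len(counts)


def sweep(samples: Dict[str, Sequence[int]], ks: Iterable[int]) -> Dict[int, float]:
    """Collision rate per pattern length, i.e. the points of the coverage plot."""
    return {k: collision_rate(samples, k) for k in ks}


def unique_signature(samples: Dict[str, Sequence[int]], name: str, k: int) -> Set[int]:
    """Patterns only `name` produces at width k: the part usable as its signature."""
    mine = ghr_patterns(samples[name], k)
    others = set().union(*(ghr_patterns(s, k) for n, s in samples.items() if n != name))
    return mine - others


# Constructed outcome streams (1 = taken, 0 = not taken) for three "samples".
SAMPLES = {
    "A": [1, 1, 0] * 4,
    "B": [1, 0] * 6,
    "C": [1, 1, 0, 0] * 3,
}

if __name__ == "__main__":
    for k, rate in sweep(SAMPLES, range(2, 6)).items():
        print(f"k={k}: collision {rate:.3f}, unique for A: "
              f"{sorted(unique_signature(SAMPLES, 'A', k))}")
```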
  • 32. Solutions Availability.
  • 33. Solutions Availability: Code: The BranchMonitoring Project. Figure, link: https://github.com/marcusbotacin/BranchMonitoringProject
  • 34. Solutions Availability: Service: Corvus Platform. Figure, link: corvus.inf.ufpr.br. Figure: Corvus’ Threat Intelligence.
  • 35. Current Projects: Current Research: Malware Decompilation.
  • 36. Current Projects: Publication. Figure, link: https://dl.acm.org/doi/10.1145/3375894.3375895
  • 37. Current Projects: Decompilation Execution Example 1. Data Extraction: debugging with GDB. Decompilation: lifting with Python. Recompilation: using GCC.
  • 38. Current Projects: Publication. Figure, link: https://arxiv.org/abs/2109.06127
  • 39. Current Projects: Decompilation Execution Example 1. Figure: Malware Source-Code. Figure: Generated Patch.
  • 40. Machine Learning: The Latest Trend.
  • 41. Machine Learning: Malware Evasion Competition. Figure, source: mlsec.io. Figure, source: https://www.microsoft.com/security/blog/2021/07/29/attack-ai-systems-in-machine-learning-evasion-competition/
  • 42. Machine Learning: Adversarial Machine Learning. Figure, source: https://github.com/marcusbotacin/Talks/tree/master/Waikato
  • 43. Machine Learning: Adversarial Malware. Figure: Dropper Strategy. Figure: Data Appendix Result.
  • 44. Machine Learning: Challenge Results. Figure: Defenders Challenge.
  • 45. Machine Learning: Challenge Results. Figure: Attackers Challenge.
  • 46. Machine Learning: What’s Next?
  • 47. Recap & Remarks. Thanks! Questions? Comments? @MarcusBotacin, mfbotacin@inf.ufpr.br, mfbotacin@gmail.com, marcusbotacin.github.io, corvus.inf.ufpr.br. (47 / 47)