GoldenEye: Efficiently and Effectively Unveiling Malwares Targeted Environment Conference Paper uri icon

abstract

  • A critical challenge when combating malware threat is how to efficiently and effectively identify the targeted victim's environment, given an unknown malware sample. Unfortunately, existing malware analysis techniques either use a limited, fixed set of analysis environments (not effective) or employ expensive, time-consuming multi-path exploration (not efficient), making them not well-suited to solve this challenge. As such, this paper proposes a new dynamic analysis scheme to deal with this problem by applying the concept of speculative execution in this new context. Specifically, by providing multiple dynamically created, parallel, and virtual environment spaces, we speculatively execute a malware sample and adaptively switch to the right environment during the analysis. Interestingly, while our approach appears to trade space for speed, we show that it can actually use less memory space and achieve much higher speed than existing schemes. We have implemented a prototype system, GoldenEye, and evaluated it with a large real-world malware dataset. The experimental results show that GoldenEye outperforms existing solutions and can effectively and efficiently expose malware's targeted environment, thereby speeding up the analysis in the critical battle against the emerging targeted malware threat. 2014 Springer International Publishing.

published proceedings

  • Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

author list (cited authors)

  • Xu, Z., Zhang, J., Gu, G., & Lin, Z