SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
HPCA '05 Proceedings of the 11th International Symposium on High-Performance Computer Architecture
Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for Spyware Management
LISA '04 Proceedings of the 18th USENIX conference on System administration
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Detecting Stealth Software with Strider GhostBuster
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
The taser intrusion recovery system
Proceedings of the twentieth ACM symposium on Operating systems principles
Cobra: Fine-grained Malware Analysis using Stealth Localized-executions
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Back to the Future: A Framework for Automatic Malware Removal and System Repair
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks
Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Practical taint-based protection using demand emulation
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Exploring Multiple Execution Paths for Malware Analysis
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
Efficient fine-grained binary instrumentationwith applications to taint-tracking
Proceedings of the 6th annual IEEE/ACM international symposium on Code generation and optimization
A type system for data-flow integrity on windows vista
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Ghost turns zombie: exploring the life cycle of web-based malware
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Dynamic Binary Instrumentation-Based Framework for Malware Defense
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Learning and Classification of Malware Behavior
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
On the Limits of Information Flow Techniques for Malware Analysis and Containment
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
BotTracer: Execution-Based Bot-Like Malware Detection
ISC '08 Proceedings of the 11th international conference on Information Security
Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A Layered Architecture for Detecting Malicious Behaviors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Ether: malware analysis via hardware virtualization extensions
Proceedings of the 15th ACM conference on Computer and communications security
Towards automatic reverse engineering of software security configurations
Proceedings of the 15th ACM conference on Computer and communications security
Privacy oracle: a system for finding application leaks with black box differential testing
Proceedings of the 15th ACM conference on Computer and communications security
Proceedings of the 15th ACM conference on Computer and communications security
Using virtual machines to do cross-layer damage assessment
Proceedings of the 1st ACM workshop on Virtual machine security
Eureka: A Framework for Enabling Static Malware Analysis
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
SS'08 Proceedings of the 17th conference on Security symposium
A type system for data-flow integrity on Windows Vista
ACM SIGPLAN Notices
Multi-aspect profiling of kernel rootkit behavior
Proceedings of the 4th ACM European conference on Computer systems
Pointless tainting?: evaluating the practicality of pointer tainting
Proceedings of the 4th ACM European conference on Computer systems
Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture
Measuring channel capacity to distinguish undue influence
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Application security code analysis: a step towards software assurance
International Journal of Information and Computer Security
Malyzer: Defeating Anti-detection for Application-Level Malware Analysis
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Detecting code clones in binary executables
Proceedings of the eighteenth international symposium on Software testing and analysis
How Good Are Malware Detectors at Remediating Infected Systems?
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Persona: an online social network with user-defined privacy
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
Automated Spyware Collection and Analysis
ISC '09 Proceedings of the 12th International Conference on Information Security
Countering kernel rootkits with lightweight hook protection
Proceedings of the 16th ACM conference on Computer and communications security
Emulating emulation-resistant malware
Proceedings of the 1st ACM workshop on Virtual machine security
Toward Revealing Kernel Malware Behavior in Virtual Execution Environments
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
A Framework for Behavior-Based Malware Analysis in the Cloud
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Toward trustworthy mobile sensing
Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications
Reverse engineering of binary device drivers with RevNIC
Proceedings of the 5th European conference on Computer systems
Defeating return-oriented rootkits with "Return-Less" kernels
Proceedings of the 5th European conference on Computer systems
ACM SIGOPS Operating Systems Review
Learning more about the underground economy: a case-study of keyloggers and dropzones
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Strict control dependence and its effect on dynamic information flow analyses
Proceedings of the 19th international symposium on Software testing and analysis
A view on current malware behaviors
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Behavioral clustering of HTTP-based malware and signature generation using malicious network traces
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Layering in provenance systems
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
A fistful of red-pills: how to automatically generate procedures to detect CPU emulators
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
AccessMiner: using system-centric models for malware protection
Proceedings of the 17th ACM conference on Computer and communications security
HookScout: proactive binary-centric hook detection
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Take a deep breath: a stealthy, resilient and cost-effective botnet using skype
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Proceedings of the 2010 workshop on New security paradigms
Porscha: policy oriented secure content handling in Android
Proceedings of the 26th Annual Computer Security Applications Conference
Cross-layer comprehensive intrusion harm analysis for production workload server systems
Proceedings of the 26th Annual Computer Security Applications Conference
Intrusion recovery using selective re-execution
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Learning automata representation of network protocol by grammar induction
WISM'10 Proceedings of the 2010 international conference on Web information systems and mining
Automatic generation of remediation procedures for malware infections
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Attribution of malicious behavior
ICISS'10 Proceedings of the 6th international conference on Information systems security
LeakProber: a framework for profiling sensitive data leakage paths
Proceedings of the first ACM conference on Data and application security and privacy
TaintEraser: protecting sensitive data leaks using application-level taint tracking
ACM SIGOPS Operating Systems Review
A framework for defending embedded systems against software attacks
ACM Transactions on Embedded Computing Systems (TECS)
Cross-application data provenance and policy enforcement
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Deriving common malware behavior through graph clustering
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Inoculation against malware infection using kernel-level software sensors
Proceedings of the 8th ACM international conference on Autonomic computing
Safe side effects commitment for OS-level virtualization
Proceedings of the 8th ACM international conference on Autonomic computing
Vision: automated security validation of mobile apps at app markets
MCS '11 Proceedings of the second international workshop on Mobile cloud computing and services
Towards practical avoidance of information leakage in enterprise networks
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
Cloaking malware with the trusted platform module
SEC'11 Proceedings of the 20th USENIX conference on Security
DepSim: a dependency-based malware similarity comparison system
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Silverline: toward data confidentiality in storage-intensive cloud applications
Proceedings of the 2nd ACM Symposium on Cloud Computing
Evaluation of a spyware detection system using thin client computing
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Linear obfuscation to combat symbolic execution
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Floguard: cost-aware systemwide intrusion defense via online forensics and on-demand IDS deployment
SAFECOMP'11 Proceedings of the 30th international conference on Computer safety, reliability, and security
Proceedings of the 18th ACM conference on Computer and communications security
Taint-exchange: a generic system for cross-process and cross-host taint tracking
IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
A survey on automated dynamic malware-analysis techniques and tools
ACM Computing Surveys (CSUR)
Static program analysis assisted dynamic taint tracking for software vulnerability discovery
Computers & Mathematics with Applications
"Andromaly": a behavioral malware detection framework for android devices
Journal of Intelligent Information Systems
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Using purpose capturing signatures to defeat computer virus mutating
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
The potential of sampling for dynamic analysis
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Minemu: the world's fastest taint tracker
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Challenges for dynamic analysis of iOS applications
iNetSec'11 Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security
Constroid: data-centric access control for android
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Shadow attacks: automatically evading system-call-behavior based malware detection
Journal in Computer Virology
A quantitative study of accuracy in system call-based malware detection
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Holography: a behavior-based profiler for malware analysis
Software—Practice & Experience
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Tracking rootkit footprints with a practical memory analysis system
Security'12 Proceedings of the 21st USENIX conference on Security symposium
AutoDunt: dynamic latent dependence analysis for detection of zero day vulnerability
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Potentia est scientia: security and privacy implications of energy-proportional computing
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
Impeding automated malware analysis with environment-sensitive malware
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
ADEL: an automatic detector of energy leaks for smartphone applications
Proceedings of the eighth IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis
Improving malware classification: bridging the static/dynamic gap
Proceedings of the 5th ACM workshop on Security and artificial intelligence
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
Adaptive defenses for commodity software through virtual application partitioning
Proceedings of the 2012 ACM conference on Computer and communications security
PeerPress: utilizing enemies' P2P strength against them
Proceedings of the 2012 ACM conference on Computer and communications security
DTAM: dynamic taint analysis of multi-threaded programs for relevancy
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Assessing the trustworthiness of drivers
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Detecting control flow in smarphones: combining static and dynamic analyses
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Information Sciences: an International Journal
Information Security Tech. Report
Scalable fine-grained behavioral clustering of HTTP-based malware
Computer Networks: The International Journal of Computer and Telecommunications Networking
System-Level support for intrusion recovery
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
iBinHunt: binary hunting with inter-procedural control flow
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Enforcing system-wide control flow integrity for exploit detection and diagnosis
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones
Communications of the ACM
Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection
ACM Transactions on Information and System Security (TISSEC)
A taint marking approach to confidentiality violation detection
AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
POSTER: Detecting malware through temporal function-based features
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
ShadowReplica: efficient parallelization of dynamic data flow tracking
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
SilverLine: preventing data leaks from compromised web applications
Proceedings of the 29th Annual Computer Security Applications Conference
USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
Information flow tracking meets just-in-time compilation
ACM Transactions on Architecture and Code Optimization (TACO)
On quantitative dynamic data flow tracking
Proceedings of the 4th ACM conference on Data and application security and privacy
Generating profile-based signatures for online intrusion and failure detection
Information and Software Technology
The impact of the antivirus on the digital evidence
International Journal of Electronic Security and Digital Forensics
Hi-index | 0.02 |
Malicious programs spy on users' behavior and compromise their privacy. Even software from reputable vendors, such as Google Desktop and Sony DRM media player, may perform undesirable actions. Unfortunately, existing techniques for detecting malware and analyzing unknown code samples are insufficient and have significant shortcomings. We observe that malicious information access and processing behavior is the fundamental trait of numerous malware categories breaching users' privacy (including keyloggers, password thieves, network sniffers, stealth backdoors, spyware and rootkits), which separates these malicious applications from benign software. We propose a system, Panorama, to detect and analyze malware by capturing this fundamental trait. In our extensive experiments, Panorama successfully detected all the malware samples and had very few false positives. Furthermore, by using Google Desktop as a case study, we show that our system can accurately capture its information access and processing behavior, and we can confirm that it does send back sensitive information to remote servers in certain settings. We believe that a system such as Panorama will offer indispensable assistance to code analysts and malware researchers by enabling them to quickly comprehend the behavior and innerworkings of an unknown sample.