A (kernel mode) API spectrum of binary code is a histogram of the (kernel) API calls made by that code. When API calls are grouped into functional classes, an API spectrum can give a compact insight into the possible functionality of an unknown piece of code and therefore is useful in IT incident response and digital forensics. We present the design and implementation of an API spectroscope for the Windows operating system. One main feature of our system is its use of the Windows kernel debugger as a translator of binary code to API names used in our spectrum.