Abstract:
Malware, a term that refers to viruses, trojans, worms, spyware or any other form of malicious code, is widespread today. Given the devastating effects that malware has on the computing world, detecting and countering malware is an important goal. Malware analysis is a challenging and multi-step process providing insight into malware structure and functionality, facilitating the development of an antidote. To successfully detect and counter malware, malware analysts must be able to analyze them in binary form, in both a coarse-grained (behavioral) and a fine-grained (structural) fashion. However, current research in coarse- and fine-grained code analysis (categorized into static and dynamic) has severe shortcomings in the context of malware. Static approaches have been tailored towards malware and allow exhaustive fine-grained malicious code analysis, but lack support for self-modifying code, have limitations related to code obfuscations and face the undecidability problem. Given that most, if not all, recent malware employ self-modifying code and code obfuscations, there is a need to analyze them at runtime using dynamic approaches. Current dynamic approaches for coarse- and fine-grained code analysis are not tailored specifically towards malware, lack support for multithreading and self-modifying/self-checking (SM-SC) code, and are easily detected and countered by the ever-evolving anti-analysis tricks employed by malware.

To address this problem, we propose WiLDCAT, an integrated dynamic malware analysis environment that facilitates the analysis and combat of malware that are ever-evolving, becoming evasive and increasingly hard to analyze. WiLDCAT cannot be detected or countered in any fashion and incorporates novel, patent-pending strategies for both dynamic coarse- and fine-grained binary code analysis, while remaining completely stealthy. The environment allows comprehensive analysis of malware code-streams while selectively isolating them from other code-streams in real time. WiLDCAT is portable, efficient and easy to use, supporting multithreading, SM-SC code and any form of code obfuscation in both user and kernel mode on commodity operating systems. It advances the state of the art in research pertaining to malware analysis by providing the toolkit that was sorely missing in the arsenal of malware analysts, until now!