Persistent Link:
http://hdl.handle.net/10150/312567
Title:
Analysis of Evasion Techniques in Web-based Malware
Author:
Lu, Gen
Issue Date:
2013
Publisher:
The University of Arizona.
Rights:
Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
Abstract:
Web-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-based malware crucial for system security. To make it even more challenging, malware authors often take advantage of various evasion techniques to evade detection. As a result, a constant arms race of evasion and detection techniques between malware authors and security analysts has led to advancement in code obfuscation and anti-analysis techniques. This dissertation focuses on the defenses against web-based malware protected by advanced evasion techniques from both defensive and offensive perspectives. From a defensive perspective, we examine existing evasion techniques and propose deobfuscation and detection approaches to defeating some popular techniques used by web-based malware today. In the case of code-unfolding based obfuscation, we use a semantics-based approach to simplify away obfuscations by identifying code that is relevant to the behavior of the original program. In the case of environment-dependent malware, we propose environmental predicate, which detects behavior discrepancy of JavaScript program between targeted browser and detector sandbox, therefore protecting users from possible detection false negatives caused by environmental triggers. From an offensive perspective, we analyze existing detection techniques to examining their assumptions and study how these assumptions can be broken. We also propose a combination of obfuscation and anti-analysis techniques, targeting these limitations, which can hide existing web-based malware from state-of-the-art detectors.
Type:
text; Electronic Dissertation
Keywords:
obfuscation; web security; Computer Science; malware detection
Degree Name:
Ph.D.
Degree Level:
doctoral
Degree Program:
Graduate College; Computer Science
Degree Grantor:
University of Arizona
Advisor:
Debray, Saumya

Full metadata record

DC FieldValue Language
dc.language.isoen_USen
dc.titleAnalysis of Evasion Techniques in Web-based Malwareen_US
dc.creatorLu, Genen_US
dc.contributor.authorLu, Genen_US
dc.date.issued2013-
dc.publisherThe University of Arizona.en_US
dc.rightsCopyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.en_US
dc.description.abstractWeb-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-based malware crucial for system security. To make it even more challenging, malware authors often take advantage of various evasion techniques to evade detection. As a result, a constant arms race of evasion and detection techniques between malware authors and security analysts has led to advancement in code obfuscation and anti-analysis techniques. This dissertation focuses on the defenses against web-based malware protected by advanced evasion techniques from both defensive and offensive perspectives. From a defensive perspective, we examine existing evasion techniques and propose deobfuscation and detection approaches to defeating some popular techniques used by web-based malware today. In the case of code-unfolding based obfuscation, we use a semantics-based approach to simplify away obfuscations by identifying code that is relevant to the behavior of the original program. In the case of environment-dependent malware, we propose environmental predicate, which detects behavior discrepancy of JavaScript program between targeted browser and detector sandbox, therefore protecting users from possible detection false negatives caused by environmental triggers. From an offensive perspective, we analyze existing detection techniques to examining their assumptions and study how these assumptions can be broken. We also propose a combination of obfuscation and anti-analysis techniques, targeting these limitations, which can hide existing web-based malware from state-of-the-art detectors.en_US
dc.typetexten
dc.typeElectronic Dissertationen
dc.subjectobfuscationen_US
dc.subjectweb securityen_US
dc.subjectComputer Scienceen_US
dc.subjectmalware detectionen_US
thesis.degree.namePh.D.en_US
thesis.degree.leveldoctoralen_US
thesis.degree.disciplineGraduate Collegeen_US
thesis.degree.disciplineComputer Scienceen_US
thesis.degree.grantorUniversity of Arizonaen_US
dc.contributor.advisorDebray, Saumyaen_US
dc.contributor.committeememberDebray, Saumyaen_US
dc.contributor.committeememberLowenthal, Daviden_US
dc.contributor.committeememberHartman, Johnen_US
dc.contributor.committeememberGniady, Christopheren_US
All Items in UA Campus Repository are protected by copyright, with all rights reserved, unless otherwise indicated.