Replacement attacks: automatically evading behavior-based software birthmark

Cited by: 0
Authors
Zhi Xin
Huiyu Chen
Xinche Wang
Peng Liu
Sencun Zhu
Bing Mao
Li Xie
Affiliations
[1] Nanjing University, State Key Laboratory for Novel Software Technology, Department of Computer Science and Technology
[2] The Pennsylvania State University, College of Information Science and Technology
Keywords
Software birthmark; Replacement attack; System call; Dependency graph
DOI
Not available
Chinese Library Classification number
Subject classification number
Abstract
Software birthmarks utilize certain specific program characteristics to validate the origin of software, so they can be applied to detect software piracy. One state-of-the-art technology on software birthmarks adopts dynamic system call dependence graphs as the unique signature of a program, which cannot be cluttered by existing obfuscation techniques and is also immune to the no-ops system call insertion attack. In this paper, we analyze its weaknesses and construct replacement attacks with the help of semantically equivalent system calls to unlock the high-frequency dependencies between the system calls in the victim's original system call dependence graph. Our results show that the proposed replacement attacks can destroy the original birthmark successfully.
Pages: 293 / 304
Number of pages: 11
Related papers
50 in total
  • [1] Replacement attacks: automatically evading behavior-based software birthmark
    Xin, Zhi
    Chen, Huiyu
    Wang, Xinche
    Liu, Peng
    Zhu, Sencun
    Mao, Bing
    Xie, Li
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2012, 11 (05) : 293 - 304
  • [2] Replacement Attacks on Behavior Based Software Birthmark
    Xin, Zhi
    Chen, Huiyu
    Wang, Xinche
    Liu, Peng
    Zhu, Sencun
    Mao, Bing
    Xie, Li
    INFORMATION SECURITY, 2011, 7001 : 1 - +
  • [3] Shadow attacks: automatically evading system-call-behavior based malware detection
    Ma, Weiqin
    Duan, Pu
    Liu, Sanmin
    Gu, Guofei
    Liu, Jyh-Charn
    JOURNAL IN COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2012, 8 (1-2) : 1 - 13
  • [4] Impeding behavior-based malware analysis via replacement attacks to malware specifications
    Ming J.
    Xin Z.
    Lan P.
    Wu D.
    Liu P.
    Mao B.
    Journal of Computer Virology and Hacking Techniques, 2017, 13 (3) : 193 - 207
  • [5] Automatically evading IDS using GP authored attacks
    Kayacik, H. Guenes
    Zincir-Heywood, A. Nur
    Heywood, Malcolm I.
    2007 IEEE SYMPOSIUM ON COMPUTATIONAL INTELLIGENCE IN SECURITY AND DEFENSE APPLICATIONS, 2007, : 153 - +
  • [6] A Behavior-based Method for Detecting DNS Amplification Attacks
    Cai, Longzhu
    Feng, Yaokai
    Kawamoto, Junpei
    Sakurai, Kouichi
    2016 10TH INTERNATIONAL CONFERENCE ON INNOVATIVE MOBILE AND INTERNET SERVICES IN UBIQUITOUS COMPUTING (IMIS), 2016, : 608 - 613
  • [7] Component behavior-based adaptation in embedded software
    da Silva Filho, Antonio Mendes
    Polato, Ivanilton
    INNOVATIONS IN SYSTEMS AND SOFTWARE ENGINEERING, 2006, 2 (3-4) : 113 - 119
  • [8] BrowserGuard: A Behavior-Based Solution to Drive-by-Download Attacks
    Hsu, Fu-Hau
    Tso, Chang-Kuo
    Yeh, Yi-Chun
    Wang, Wei-Jen
    Chen, Li-Han
    IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, 2011, 29 (07) : 1461 - 1468
  • [9] Estimation of software features based birthmark
    Shah Nazir
    Sara Shahzad
    Rodziah Binti Atan
    Haleem Farman
    Cluster Computing, 2018, 21 : 333 - 346
  • [10] Research on a Behavior-Based Software Test Process Model
    Lu, Yongzhong
    Da, Simeng
    Yang, Jun
    Song, Junli
    Nie, Songlin
    ISCSCT 2008: INTERNATIONAL SYMPOSIUM ON COMPUTER SCIENCE AND COMPUTATIONAL TECHNOLOGY, VOL 2, PROCEEDINGS, 2008, : 114 - +