Please use this identifier to cite or link to this item: http://repositorio.unicamp.br/jspui/handle/REPOSIP/336756
Full metadata record
DC Field: Value [Language]
dc.contributor.CRUESP: UNIVERSIDADE ESTADUAL DE CAMPINAS [pt_BR]
dc.contributor.authorunicamp: Geus, Paulo Lício de
dc.type: Article [pt_BR]
dc.title: "Vanilla" malware : vanishing antiviruses by interleaving layers and layers of attacks [pt_BR]
dc.contributor.author: Botacin, Marcus
dc.contributor.author: de Geus, Paulo Licio
dc.contributor.author: Gregio, Andre
dc.subject: Malware (Software) [pt_BR]
dc.subject.otherlanguage: Malware (Computer software) [pt_BR]
dc.description.abstract: Malware is a persistent threat to any networked system. The spread of multi-core, distributed systems in recent years has created new opportunities for malware authors to exploit such capabilities. In particular, distributing a malware's execution across multiple cores can evade currently widespread single-core-based detectors (e.g., antiviruses, or AVs) and malware analysis solutions that are unable to correlate data from multiple sources. In this paper, we propose a technique for distributing malware functions across several distinct "vanilla" processes and show that AVs can be easily evaded. Our technique allows malware to interleave layers of attacks and remain undetected by current AVs. Our goal is to expose a real threat and discuss it so as to provide insights for the development of better AVs. We discuss the role of distributed and multi-core-based malware in current and future threat scenarios, with practical examples that we crafted specifically for testing (e.g., a distributed sample synchronized via cache side channels). We (i) review multi-threaded/multi-process implementation issues (from kernel and userland) and present a multi-core-based monitoring solution; (ii) present strategies for code distribution, exemplified via DLL injectors, and discuss their weak and strong points; and (iii) evaluate how real security solutions perform when exposed to distributed malware. We converted real, serial malware to parallel code and showed that current AVs are not fully able to detect multi-core malware. [pt_BR]
dc.relation.ispartof: Journal of computer virology and hacking techniques [pt_BR]
dc.relation.ispartofabbreviation: J. comput. virol. hacking tech. [pt_BR]
dc.publisher.city: Paris [pt_BR]
dc.publisher.country: France [pt_BR]
dc.publisher: Springer [pt_BR]
dc.date.issued: 2019
dc.date.monthofcirculation: Dec. [pt_BR]
dc.language.iso: eng [pt_BR]
dc.description.volume: 15 [pt_BR]
dc.description.issuenumber: 4 [pt_BR]
dc.description.firstpage: 233 [pt_BR]
dc.description.lastpage: 247 [pt_BR]
dc.rights: Closed [pt_BR]
dc.source: WOS [pt_BR]
dc.identifier.eissn: 2263-8733 [pt_BR]
dc.identifier.doi: 10.1007/s11416-019-00333-y [pt_BR]
dc.identifier.url: https://link.springer.com/article/10.1007/s11416-019-00333-y [pt_BR]
dc.description.sponsorship: CONSELHO NACIONAL DE DESENVOLVIMENTO CIENTÍFICO E TECNOLÓGICO - CNPQ [pt_BR]
dc.description.sponsorship: COORDENAÇÃO DE APERFEIÇOAMENTO DE PESSOAL DE NÍVEL SUPERIOR - CAPES [pt_BR]
dc.description.sponsordocumentnumber: 24/2014; 23038.007604/2014-69 [pt_BR]
dc.description.sponsordocumentnumber: 164745/2017-3 [pt_BR]
dc.date.available: 2020-03-17T21:59:15Z
dc.date.accessioned: 2020-03-17T21:59:15Z
dc.description.provenance: Submitted by Mariana Aparecida Azevedo (mary1@unicamp.br) on 2020-03-17T21:59:15Z. No. of bitstreams: 0. Added 1 bitstream(s) on 2020-07-20T14:19:54Z: No. of bitstreams: 1; 000497507200001.pdf: 767639 bytes, checksum: b829b8c1a6a1748f2052466fc4de2803 (MD5) [en]
dc.description.provenance: Made available in DSpace on 2020-03-17T21:59:15Z (GMT). No. of bitstreams: 0. Previous issue date: 2019 [en]
dc.identifier.uri: http://repositorio.unicamp.br/jspui/handle/REPOSIP/336756
dc.contributor.department: Departamento de Sistemas de Computação [pt_BR]
dc.contributor.unidade: Instituto de Computação [pt_BR]
dc.subject.keyword: Multi-core [pt_BR]
dc.subject.keyword: DLL injection [pt_BR]
dc.subject.keyword: Cache side-channel [pt_BR]
dc.identifier.source: 000497507200001 [pt_BR]
dc.creator.orcid: 0000-0002-6540-8686 [pt_BR]
dc.type.form: Original article [pt_BR]
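The central point of the abstract above is that a detector which scores each process in isolation cannot see an attack chain that has been split across several otherwise unremarkable "vanilla" processes. The following is an added illustration, not code from the paper or its authors: over constructed telemetry and a hypothetical three-action threshold, a per-process scorer flags the serial sample but misses the distributed one, while a scorer that aggregates actions by process-tree ancestry flags both. The event format, action names, pids and the threshold are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed telemetry (not taken from the paper): (pid, ppid, action) tuples.
# Serial variant: one process performs every step of the attack chain.
SERIAL = [
    (100, 1, "read_credentials"),
    (100, 1, "connect_remote"),
    (100, 1, "send_data"),
]

# Distributed variant: the same three steps, each in its own short-lived child
# of a launcher process (pid 200). Each child does one thing that looks
# unremarkable on its own.
DISTRIBUTED = [
    (200, 1, "spawn"),
    (201, 200, "read_credentials"),
    (202, 200, "connect_remote"),
    (203, 200, "send_data"),
]

SUSPICIOUS = {"read_credentials", "connect_remote", "send_data"}
# Hypothetical policy: an execution unit is flagged once it has performed this
# many distinct suspicious actions.
THRESHOLD = 3


def _flag(counts):
    """Return the units whose distinct suspicious actions reach the threshold."""
    return {unit for unit, actions in counts.items() if len(actions) >= THRESHOLD}


def per_process_detector(events):
    """Score each pid alone: the single-process model the paper's technique evades."""
    counts = defaultdict(set)
    for pid, _ppid, action in events:
        if action in SUSPICIOUS:
            counts[pid].add(action)
    return _flag(counts)


def _root_of(pid, parent):
    """Walk up the recorded process tree to the highest ancestor we have telemetry for."""
    seen = {pid}
    while pid in parent and parent[pid] in parent and parent[pid] not in seen:
        pid = parent[pid]
        seen.add(pid)
    return pid


def lineage_detector(events):
    """Aggregate suspicious actions per process tree so split-up work is recombined."""
    parent = {pid: ppid for pid, ppid, _action in events}
    counts = defaultdict(set)
    for pid, _ppid, action in events:
        if action in SUSPICIOUS:
            counts[_root_of(pid, parent)].add(action)
    return _flag(counts)


if __name__ == "__main__":
    for name, events in (("serial", SERIAL), ("distributed", DISTRIBUTED)):
        print(name,
              "per-process:", sorted(per_process_detector(events)),
              "lineage:", sorted(lineage_detector(events)))
```

The lineage variant only works because the constructed components share a visible common ancestor. The abstract mentions a sample synchronized via cache side channels, which is exactly the case where the pieces may have been launched independently and the only link between them is a covert channel; a correlation key would then have to come from somewhere other than the process tree (shared resources, timing, or the cross-core monitoring the paper proposes), which this toy does not attempt.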
Appears in Collections: IC - Articles and Other Documents

Files in This Item:
File: 000497507200001.pdf | Size: 749.65 kB | Format: Adobe PDF


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.