<div class="csl-bib-body">
<div class="csl-entry">Kolbitsch, C., Holz, T., Krügel, C., & Kirda, E. (2010). Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries. In <i>2010 IEEE Symposium on Security and Privacy</i> (pp. 29–44). IEEE Computer Society. https://doi.org/10.1109/SP.2010.10</div>
</div>
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/53346
-
dc.description.abstract
Unfortunately, malicious software is still an unsolved problem and a major threat on the Internet. An important component in the fight against malicious software is the analysis of malware samples: only if an analyst understands the behavior of a given sample can she design appropriate countermeasures. Manual approaches are frequently used to analyze certain key algorithms, such as the downloading of encoded updates or the generation of new DNS domains for command-and-control purposes.
In this paper, we present a novel approach to automatically extract, from a given binary executable, the algorithm related to a certain activity of the sample. We isolate and extract these instructions and generate a so-called gadget, i.e., a stand-alone component that encapsulates a specific behavior. We make sure that a gadget can autonomously perform a specific task by including all relevant code and data in the gadget, such that it can be executed in a self-contained fashion.
Gadgets are useful entities in analyzing malicious software. In particular, they are valuable for practitioners, as understanding a certain activity that is embedded in a binary sample (e.g., the update function) is still largely a manual and complex task. Our evaluation with several real-world samples demonstrates that our approach is versatile and useful in practice.
en
dc.description.sponsorship
European Commission
-
dc.language.iso
en
-
dc.publisher
IEEE Computer Society
-
dc.relation.ispartofseries
Proceedings - IEEE Symposium on Security and Privacy
-
dc.title
Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
en
dc.type
Conference contribution (Konferenzbeitrag)
de
dc.type
Inproceedings
en
dc.relation.publication
2010 IEEE Symposium on Security and Privacy
-
dc.relation.isbn
978-0-7695-4035-1
-
dc.relation.doi
10.1109/SP16852.2010
-
dc.relation.issn
1081-6011
-
dc.description.startpage
29
-
dc.description.endpage
44
-
dc.type.category
Full-Paper Contribution
-
dc.publisher.place
Oakland
-
tuw.booktitle
2010 IEEE Symposium on Security and Privacy
-
tuw.peerreviewed
true
-
tuw.book.ispartofseries
Proceedings - IEEE Symposium on Security and Privacy
-
tuw.relation.publisher
Computer Society Press
-
tuw.book.chapter
1.1
-
tuw.project.title
Worldwide Observatory of Malicious Behaviors and Attack Threats
-
tuw.researchTopic.id
I1
-
tuw.researchTopic.id
I2
-
tuw.researchTopic.name
Logic and Computation
-
tuw.researchTopic.name
Computer Engineering and Software-Intensive Systems
-
tuw.researchTopic.value
34
-
tuw.researchTopic.value
66
-
tuw.publication.orgunit
E191-03 - Forschungsbereich Automation Systems
-
tuw.publisher.doi
10.1109/SP.2010.10
-
dc.description.numberOfPages
16
-
tuw.event.name
IEEE
-
tuw.event.online
On Site
-
tuw.event.type
Event for scientific audience
-
tuw.event.country
AT
-
wb.sciencebranch
Mathematics, Computer Science
-
wb.sciencebranch
Other and interdisciplinary natural sciences
-
wb.sciencebranch.oefos
11
-
wb.sciencebranch.oefos
19
-
wb.facultyfocus
Computer Engineering (CE)
de
wb.facultyfocus
Computer Engineering (CE)
en
wb.facultyfocus.faculty
E180
-
item.cerifentitytype
Publications
-
item.openairecristype
http://purl.org/coar/resource_type/c_5794
-
item.grantfulltext
restricted
-
item.fulltext
no Fulltext
-
item.languageiso639-1
en
-
item.openairetype
conference paper
-
crisitem.project.funder
European Commission
-
crisitem.author.dept
E183 - Institut für Rechnergestützte Automation
-
crisitem.author.dept
E183 - Institut für Rechnergestützte Automation
-
crisitem.author.dept
E191-03 - Forschungsbereich Automation Systems
-
crisitem.author.dept
E194-02 - Forschungsbereich Distributed Systems
-
crisitem.author.parentorg
E180 - Fakultät für Informatik
-
crisitem.author.parentorg
E180 - Fakultät für Informatik
-
crisitem.author.parentorg
E191 - Institut für Computer Engineering
-
crisitem.author.parentorg
E194 - Institut für Information Systems Engineering