Bibliography
“AV-TEST, The Independent IT-Security Institute,” 2018, URL https://www.av-test.org/en/statistics/malware/.
Al-Anezi, M. M. K., “Generic packing detection using several complexity analysis for accurate malware detection,” International journal of advanced computer science and applications, volume 5(1), 2015.
Alimehr, L., “The performance of sequence alignment algorithms,” 2013.
Armadillo, “Armadillo, Overlays packer and obfuscator,” 2017, URL http://the-armadillo-software-protection-system.software.informer.com, (Date last accessed 1 March 2017).
Banin, S., Shalaginov, A., and Franke, K., “Memory access patterns for malware detection,” 2016.
Bazrafshan, Z., Hashemi, H., Fard, S. M. H., and Hamzeh, A., “A survey on heuristic malware detection techniques,” in “Information and Knowledge Technology (IKT), 2013 5th Conference on,” pp. 113–120, IEEE, 2013.
Beek, C., Dinkar, D., Gund, Y., and Others, “McAfee Labs threats report,” McAfee Inc., Santa Clara, CA. Available: https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-dec-2017.pdf, 2017.
Bellard, F., “Qemu: Open source processor emulator, 2008,” URL http://savannah.nongnu.org/projects/qemu, 2009.
Benninger, C. A., Maitland: analysis of packed and encrypted malware via paravirtualization extensions, Ph.D. thesis, University of Victoria, 2012.
Berdajs, J. and Bosnić, Z., “Extending applications using an advanced approach to DLL injection and API hooking,” Software: Practice and Experience, volume 40(7) pp. 567–584, 2010.
Bergroth, L., Hakonen, H., and Raita, T., “A survey of longest common subsequence algorithms,” in “String Processing and Information Retrieval, 2000. SPIRE 2000. Proceedings. Seventh International Symposium on,” pp. 39–48, IEEE, 2000.
Blunden, B., The Rootkit arsenal: Escape and evasion in the dark corners of the system, Jones & Bartlett Publishers, 2012.
Breitinger, F., Ziroff, G., Lange, S., and Baier, H., “Similarity Hashing Based on Levenshtein Distances,” in “IFIP International Conference on Digital Forensics,” pp. 133–147, Springer, 2014.
Brosch, T. and Morgenstern, M., “Runtime packers: The hidden problem,” Black Hat USA, 2006.
Catalyurek, U., Ferreira, R., Kurc, T., Saltz, J., and Stahlberg, E., “Improving performance of multiple sequence alignment analysis in multi-client environments,” in “ipdps,” p. 0183b, IEEE, 2002.
Chiras, D. D. et al., Human biology, Jones & Bartlett Publishers, 2013.
Cho, I. K., Kim, T., Shim, Y. J., Park, H., Choi, B., and Im, E. G., “Malware Similarity Analysis using API Sequence Alignments.” J. Internet Serv. Inf. Secur., volume 4(4) pp. 103–114, 2014.
Christensson, P., “Malware Definition,” 2015, URL https://techterms.com/definition/malware.
Christodorescu, M. and Jha, S., “Static Analysis of Executables to Detect Malicious Patterns,” in “USENIX Security Symposium,” 2003.
Cresci, S., Di Pietro, R., Petrocchi, M., Spognardi, A., and Tesconi, M., “DNA-inspired online behavioral modeling and its application to spambot detection,” IEEE Intelligent Systems, volume 31(5) pp. 58–64, 2016.
de Carvalho Junior, S. A., “Sequence alignment algorithms,” King’s College London, London, 2003.
Devi, D. and Nandi, S., “Pe file features in detection of packed executables,”Interna-
Dinaburg, A., Royal, P., Sharif, M., and Lee, W., “Ether: malware analysis via hardware virtualization extensions,” in “Proceedings of the 15th ACM conference on Computer and communications security,” pp. 51–62, ACM, 2008.
Dolan-Gavitt, B. F., Hodosh, J., Hulin, P., Leek, T., and Whelan, R., “Repeatable reverse engineering for the greater good with panda,” 2014.
Drew, J., Hahsler, M., and Moore, T., “Polymorphic malware detection using sequence classification methods and ensembles,” EURASIP Journal on Information Security, volume 2017(1) p. 2, 2017.
Edgar, R. C., “MUSCLE: multiple sequence alignment with high accuracy and high throughput,” Nucleic acids research, volume 32(5) pp. 1792–1797, 2004.
Egele, M., Scholte, T., Kirda, E., and Kruegel, C., “A survey on automated dynamic malware-analysis techniques and tools,” ACM computing surveys (CSUR), volume 44(2) p. 6, 2012.
Elisan, C., Advanced Malware Analysis, McGraw-Hill Education, 2015, URL https://books.google.co.id/books?id=17SUAwAAQBAJ.
Fog, A., “Instruction tables: Lists of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD and VIA CPUs,” Copenhagen University College of Engineering, 2011.
Fog, A., “The microarchitecture of Intel, AMD and VIA CPUs/An optimization guide for assembly programmers and compiler makers,” 2012.
FSG, “FSG 2.0, F[ast] S[mall] G[ood] perfect compressor for executable files,” 2017, URL http://www.downloadpcsoft.com/Windows/Development/Other/FSG_24767.html, (Date last accessed 1 March 2017).
Guo, F., Ferrie, P., and Chiueh, T.-C., “A study of the packer problem and its solutions,” in “Recent Advances in Intrusion Detection,” pp. 98–115, Springer, 2008.
Gusfield, D., Algorithms on strings, trees and sequences: computer science and computational biology, Cambridge university press, 1997.
Hazelwood, K., “Dynamic binary modification: Tools, techniques, and applications,” Synthesis Lectures on Computer Architecture, volume 6(2) pp. 1–81, 2011.
Jacob, G., Comparetti, P. M., Neugschwandtner, M., Kruegel, C., and Vigna, G., “A static, packer-agnostic filter to detect similar malware samples,” in “International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment,” pp. 102–122, Springer, 2012.
Jadhav, A., Vidyarthi, D., and Hemavathy, M., “Evolution of evasive malwares: A survey,” in “Computational Techniques in Information and Communication Technologies (ICCTICT), 2016 International Conference on,” pp. 641–646, IEEE, 2016.
Jordan, M., “Dealing with metamorphism,” Virus Bulletin, volume 1(10) pp. 4–6, 2002.
Kang, B., Kim, T., Kwon, H., Choi, Y., and Im, E. G., “Malware classification method via binary content comparison,” in “Proceedings of the 2012 ACM Research in Applied Computation Symposium,” pp. 316–321, ACM, 2012.
Kotualubun, Y. S., Hidden-Code Extraction From Packed Malware Using Memory Base Dynamic Analysis, Master’s thesis, Swiss German University, Indonesia, 2017.
Landage, J. and Wankhade, M., “Malware and malware detection techniques: A survey,” International Journal of Engineering Research and Technology (IJERT), volume 2(12) pp. 2278–0181, 2013.
Larkin, M. A., Blackshields, G., Brown, N., Chenna, R., McGettigan, P. A., McWilliam, H., Valentin, F., Wallace, I. M., Wilm, A., Lopez, R. et al., “Clustal W and Clustal X version 2.0,” bioinformatics, volume 23(21) pp. 2947–2948, 2007.
Lengyel, T. K., Maresca, S., Payne, B. D., Webster, G. D., Vogl, S., and Kiayias, A., “Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system,” in “Proceedings of the 30th Annual Computer Security Applications Conference,” pp. 386–395, ACM, 2014.
Leong, J., “Automated static analysis of virtual-machine packers,” 2013.
Li, X., Loh, P. K., and Tan, F., “Mechanisms of polymorphic and metamorphic viruses,” in “Intelligence and Security Informatics Conference (EISIC), 2011 European,” pp. 149–154, IEEE, 2011, URL http://dx.doi.org/10.1109/EISIC.2011.77.
Ligh, M., Adair, S., Hartstein, B., and Richard, M., Malware analyst’s cookbook and DVD: tools and techniques for fighting malicious code, Wiley Publishing, 2010.
Lim, C., Kotualubun, Y. S., Ramli, K. et al., “Mal-Xtract: Hidden Code Extraction using Memory Analysis,” in “Journal of Physics: Conference Series,” volume 801, p. 012058, IOP Publishing, 2017.
Lim, C., Sulistyan, D. Y., Ramli, K. et al., “Experiences in Instrumented Binary Analysis for Malware,” Advanced Science Letters, volume 21(10) pp. 3333–3336, 2015, URL https://doi.org/10.1166/asl.2015.6487.
Lyda, R. and Hamrock, J., “Using entropy analysis to find encrypted and packed malware,” IEEE Security & Privacy, volume 5(2), 2007.
Mew, “MEW,” 2017, URL http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/MEW-SE.shtml, (Date last accessed 1 March 2017).
Miller, C., Glendowne, D., Cook, H., Thomas, D., Lanclos, C., and Pape, P., “Insights gained from constructing a large scale dynamic analysis platform,” Digital Investigation, volume 22 pp. S48–S56, 2017.
Milošević, N., “History of malware,” arXiv preprint arXiv:1302.5392, 2013.
Molebox, “Molebox, a free executable compression and encryptor,” 2017, URL https://molebox.en.softonic.com, (Date last accessed 1 March 2017).
Moser, A., Kruegel, C., and Kirda, E., “Limits of static analysis for malware detection,” in “Computer security applications conference, 2007. ACSAC 2007. Twenty-third annual,” pp. 421–430, IEEE, 2007.
Mousa, H. M., “DNA-Genetic Encryption Technique,” International Journal of Computer Network and Information Security, volume 8(7) p. 1, 2016.
Naval, S., Laxmi, V., Rajarajan, M., Gaur, M. S., and Conti, M., “Employing program semantics for malware detection,” IEEE Transactions on Information Forensics and Security, volume 10(12) pp. 2591–2604, 2015.
Navarro, G., “A guided tour to approximate string matching,” ACM computing surveys (CSUR), volume 33(1) pp. 31–88, 2001.
Needleman, S. B. and Wunsch, C. D., “A general method applicable to the search for similarities in the amino acid sequence of two proteins,” Journal of molecular biology, volume 48(3) pp. 443–453, 1970.
Notredame, C., “Recent progress in multiple sequence alignment: a survey,” Pharmacogenomics, volume 3(1) pp. 131–144, 2002.
O’Kane, P., Sezer, S., and McLaughlin, K., “Obfuscation: The hidden malware,” Security & Privacy, IEEE, volume 9(5) pp. 41–47, 2011, URL http://dx.doi.org/10.1109/MSP.2011.98.
Oktavianto, D. and Muhardianto, I., Cuckoo malware analysis, Packt Publishing Ltd, 2013.
Park, J., Karplus, K., Barrett, C., Hughey, R., Haussler, D., Hubbard, T., and Chothia, C., “Sequence comparisons using multiple sequences detect three times as many remote homologues as pairwise methods,” Journal of molecular biology, volume 284(4) pp. 1201–1210, 1998.
PEC2, “PECompact2, Windows Executable Compressor,” 2017, URL http://pecompact2.software.informer.com, (Date last accessed 1 March 2017).
Pietrek, M., “Peering inside the PE: a tour of the win32 (R) portable executable file format,” Microsoft Systems Journal-US Edition, pp. 15–38, 1994.
Rad, B. B., Masrom, M., and Ibrahim, S., “Camouflage in malware: from encryption to metamorphism,” International Journal of Computer Science and Network Security, volume 12(8) pp. 74–83, 2012, URL http://paper.ijcsns.org/07_book/201208/20120813.pdf.
Ramasamy, V. and Hundt, R., “Dynamic binary instrumentation on IA-64,” in “Proceedings of the First EPIC Workshop,” 2001.
Rosenberg, M. S., “Sequence alignment: concepts and history,” in “Sequence Alignment: Methods, Models, Concepts, and Strategies,” University of California Press, 2009.
Roundy, K. A. and Miller, B. P., “Binary-code obfuscations in prevalent packer tools,” ACM Computing Surveys (CSUR), volume 46(1) p. 4, 2013.
Royal, P., Halpin, M., Dagon, D., Edmonds, R., and Lee, W., “Polyunpack: Automating the hidden-code extraction of unpack-executing malware,” in “Computer Security Applications Conference, 2006. ACSAC’06. 22nd Annual,” pp. 289–300, IEEE, 2006.
Shannon, C. and Weaver, W., “The mathematical theory of communication,” 1949.
Sharif, M., Lanzi, A., Giffin, J., and Lee, W., “Automatic reverse engineering of malware emulators,” in “2009 30th IEEE Symposium on Security and Privacy,” pp. 94–109, IEEE, 2009, URL http://dx.doi.org/10.1109/SP.2009.27.
Shin, D., Im, C., Jeong, H., Kim, S., and Won, D., “The new signature generation method based on an unpacking algorithm and procedure for a packer detection,” International Journal of Advanced Science and Technology, volume 27 pp. 59–78, 2011.
Sikorski, M. and Honig, A., Practical malware analysis: the hands-on guide to dissecting malicious software, no starch press, 2012.
Smith, T. F. and Waterman, M. S., “Identification of common molecular subsequences,” Journal of molecular biology, volume 147(1) pp. 195–197, 1981.
Song, W., A framework for automated similarity analysis of malware, Ph.D. thesis, Concordia University, 2014.
Suhandi, A., Extraction Of Malicious Code From Packed Malware Using Emulated Environment, Master’s thesis, Swiss German University, Indonesia, 2017.
Sun, L., Versteeg, S., Boztaş, S., and Yann, T., “Pattern recognition techniques for the classification of malware packers,” in “Information security and privacy,” pp. 370–390, Springer, 2010.
Szor, P., The art of computer virus research and defense, Pearson Education, 2005.
Thompson, J. D., Gibson, T. J., and Higgins, D. G., “Multiple sequence alignment using ClustalW and ClustalX,” Current protocols in bioinformatics, (1) pp. 2–3, 2003.
Ugarte Pedrero, X., Balzarotti, D., Santos, I., and Bringas, P. G., “SoK: Deep packer inspection: A longitudinal study of the complexity of run-time packers,” in “SSP 2015, IEEE Symposium on Security and Privacy, May 18-20, 2015, San Jose, CA, USA,” San Jose, UNITED STATES, 2015, URL http://dx.doi.org/10.1109/SP.2015.46.
UPX, “UPX, a free and open source, cross-platform runtime packer,” 2017, URL http://upx.sourceforge.net/, (Date last accessed 1 March 2017).
Vasudevan, A. and Yerraballi, R., “Stealth breakpoints,” in “Computer security applications conference, 21st Annual,” pp. 10–pp, IEEE, 2005.
Vasudevan, A. and Yerraballi, R., “Spike: engineering malware analysis tools using unobtrusive binary-instrumentation,” in “Proceedings of the 29th Australasian Computer Science Conference-Volume 48,” pp. 311–320, Australian Computer Society, Inc., 2006.
Venclovas, Č., “Methods for sequence–structure alignment,” Homology Modeling: Methods and Protocols, pp. 55–82, 2012.
Vinod, P., Jaipur, R., Laxmi, V., and Gaur, M., “Survey on malware detection methods,” in “Proceedings of the 3rd Hackers’ Workshop on computer and internet security (IITKHACK’09),” pp. 74–79, 2009.
Willems, C., Holz, T., and Freiling, F., “Toward automated dynamic malware analysis using cwsandbox,” IEEE Security & Privacy, volume 5(2), 2007.
WinUPack, “WinUPack, a freeware runtime packer,” 2016, URL http://www.softpedia.com/get/PORTABLE-SOFTWARE/Compression-Tools/Windows-Portable-Applications-Portable-WinUpack.shtml, (Date last accessed 1 March 2017).
Wu, Z., Gianvecchio, S., Xie, M., and Wang, H., “Mimimorphism: A new approach to binary code obfuscation,” in “Proceedings of the 17th ACM conference on Computer and communications security,” pp. 536–546, ACM, 2010, URL https://doi.org/10.1145/1866307.1866368.
Xie, X., Guan, J., and Zhou, S., “Similarity evaluation of DNA sequences based on frequent patterns and entropy,” in “BMC genomics,” volume 16, p. S5, BioMed Central, 2015.
Ye, Y., Li, T., Adjeroh, D., and Iyengar, S. S., “A survey on malware detection using data mining techniques,” ACM Computing Surveys (CSUR), volume 50(3) p. 41, 2017.