Detailed Information


Detection Techniques for DBI Environment in Windows

Authors
Park, Seongwoo; Park, Yongsu
Issue Date
Mar-2024
Publisher
MDPI AG
Keywords
computer security; dynamic binary instrumentation; reverse engineering; software protection
Citation
Electronics (Basel), v.13, no.5, pp 1 - 22
Pages
22
Indexed
SCIE
SCOPUS
Journal Title
Electronics (Basel)
Volume
13
Number
5
Start Page
1
End Page
22
URI
https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/196731
DOI
10.3390/electronics13050871
ISSN
2079-9292
Abstract
Dynamic binary instrumentation (DBI) is a technique that enables the monitoring and analysis of software, providing better performance than other analysis tools. However, to provide robust dynamic analysis capabilities, it commonly requires the setup of a separate analysis environment, which increases the contrast with normal execution and introduces distinctive features that may reveal the presence of the DBI environment. Malware adapts to detect the presence of DBI environments, which consequently expands the attack surface. In this paper, we provide an in-depth exploration of anti-instrumentation techniques that can be exploited by malware, with a specific focus on the Windows operating system. Leveraging the unique features of the DBI environment, we introduce and categorize DBI detection techniques. Additionally, we conduct a comprehensive analysis of these techniques through implementation algorithms, together with methods for bypassing them. Our experiments showcase the effectiveness of these techniques on the latest versions of several DBI frameworks. Furthermore, we address associated concerns with the aim of contributing to the development of enhanced tools to combat malicious activities exploiting DBI, and we propose directions for future research.
Appears in
Collections
Seoul College of Engineering > Seoul Department of Computer Software > 1. Journal Articles