Ofuscación de código utilizando generadores de números pseudoaleatorios
Se describe un nuevo método para la ofuscación de códigos maliciosos que utiliza códigos ya presentes en los sistemas: un generador de números pseudo-aleatorios. Esto también puede verse como una técnica anti-desmontaje y anti-depuración, dependiendo de su despliegue, debido a que el código real no existe hasta su ejecución - que se genera de forma dinámica por el generador de números pseudo-aleatorios. Se han usado xperimentos de todo un año para demostrar que esta técnica de ofuscación es viable para un adversario malicioso con acceso a una gran potencia computacional.
Guardado en:
2311-7915
2311-7613
1
2014-12-06
41
54
info:eu-repo/semantics/openAccess
http://purl.org/coar/access_right/c_abf2
Saber y Hacer - 2014
id |
9987c7ed387146e9dd07b5edc252a06b |
---|---|
record_format |
ojs |
spelling |
Ofuscación de código utilizando generadores de números pseudoaleatorios Aycock, J. & Friess, N. (2006). Spam zombies from outer space. 15th Annual EICAR Conference, pp. 164–179. Tiu, V. (2009). Confounded Conficker. Virus Bulletin, March, pp. 7–11. F-Secure (2009). Calculating the size of the Downadup outbreak. Weblog: News from the Lab, 16 January 2009. Available: http://www.f-secure.com/weblog/archives/00001584.html Finjan (2009). How a cybergang operates a network of 1.9 million infected computers. Available: http://www.finjan.com/MCRCblog.aspx?EntryId=2237 Porras, P., Saidi, H. & Yegneswaran, V. (2009). An analysis of Conficker’s logic and rendezvous points. SRI International Technical Report. Available: http://mtc.sri.com/Conficker Riordan, J. & Schneier, B. (1998). Environmental key generation towards clueless agents. Mobile Agents and Security, 1419, pp. 15–24. EICAR (2006). The anti-virus or anti-malware test file. Available: http://www.eicar.org/anti_virus_test_file.htm Ferrie, P. (2010). Anti-unpacker tricks. Virus Bulletin, May, pp. 4–9. Oreans Technology (2009). Code Virtualizer. Available: http://www.oreans.com/codevirtualizer.php VMPsoft (2009). VMProtect. Available: http://vmpsoft.com/ Debaere, E. & Van Campenhout, J. (1990). Intrepretation and Instruction Path Coprocessing. ACM SIGPLAN Notices, 25(9), pp. 7-9. Klint, P. (1981). Interpretation techniques. Software – Practice and Experience, 11(9), pp. 963–973. Kuenning, G. (2007). Mersenne Twist pseudorandom number generator package, version 1.20. Available: http://www.cs.hmc.edu/∼geoff/mtwist.html Toyofuku, T., Tabata, T. & Sakurai, K. (2005). Program obfuscation scheme using random numbers to complicate control flow. 1st International Workshop on Security in Ubiquitous Computing Systems, 3823, pp. 916-925. Friess, N., Aycock, J. & Vogt, R. (2008). Black market botnets. Department of Computer Science, University of Calgary 2500 University Drive N.W., Calgary, Alberta, Canada. Larkin, E. (2007). Storm worm’s virulence may change tactics. Network World, 2. Available: http://www.networkworld.com/news/2007/080207-black-hat-storm-worms-virulence.html Aycock, J., De Graaf, R. & Jacobson, M. (2006). Anti-disassembly using cryptographic hash functions. Journal in Computer Virology, 2(1), pp. 79–85. Hemmingsen, R., Aycock, J. & Jacobson, M. (2007). Spam, phishing, and the looming challenge of big botnets. EU Spam Symposium. White, S. (1989). Covert distributed processing with computer viruses. Advances in Cryptology – CRYPTO ’89 Proceedings, pp. 616– 619, LNCS 435. Shoch, J. & Hupp, J. (1982). The “worm” programs – early experience with a distributed computation. Communications of the ACM, 25(3), pp. 172–180. Anderson, D., Cobb, J., Korpela, E., Lebofsky, M. & Werthimer, D. (2002). SETI@home: An experiment in public-resource computing. Communications of the ACM, 45(11), pp. 56–61. Sharif, M., Lanzi, A., Giffin, J. & Lee, W. (2009). Automatic reverse engineering of malware emulators. IEEE Symposium on Security and Privacy. Georgia Institute of Technology, USA. info:eu-repo/semantics/article http://purl.org/coar/resource_type/c_6501 http://purl.org/redcol/resource_type/ARTREF info:eu-repo/semantics/publishedVersion http://purl.org/coar/version/c_970fb48d4fbd8a85 info:eu-repo/semantics/openAccess http://purl.org/coar/access_right/c_abf2 Text Holz, T., Steiner, M., Dahl, F., Biersack, E. & Freiling, F. (2008). Measurements and mitigation of peer-to-peer-based botnets: A case study on Storm Worm. 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats. Available: https://www.usenix.org/legacy/events/leet08/tech/full_papers/holz/holz.pdf Sterling, T. (2005). Prosecutors say Dutch suspects hacked 1.5 million computers worldwide. Associated Press. Available: http://www.foxnews.com/story/2005/10/20/dutch-hackers-infected-15-million-computers/ Publication 1 Artículo de revista Rajab, M., Zarfoss, J., Monrose, F. & Terzis, A. (2007). My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging. 1st Workshop on Hot Topics in Understanding Botnets (HotBots ’07). Available: https://www.usenix.org/legacy/event/hotbots07/tech/full_papers/rajab/rajab.pdf application/pdf Universidad San Ignacio de Loyola Saber y Hacer Nunes, Daniel M. Gutiérrez, Juan M. https://revistas.usil.edu.pe/index.php/syh/article/view/25 Aycock, John Español https://creativecommons.org/licenses/by-nc-sa/4.0/ Saber y Hacer - 2014 Se describe un nuevo método para la ofuscación de códigos maliciosos que utiliza códigos ya presentes en los sistemas: un generador de números pseudo-aleatorios. Esto también puede verse como una técnica anti-desmontaje y anti-depuración, dependiendo de su despliegue, debido a que el código real no existe hasta su ejecución - que se genera de forma dinámica por el generador de números pseudo-aleatorios. Se han usado xperimentos de todo un año para demostrar que esta técnica de ofuscación es viable para un adversario malicioso con acceso a una gran potencia computacional. Franklin, J., Paxson, V., Perrig, A. & Savage, S. (2007). An inquiry into the nature and causes of the wealth of Internet miscreants. 14th ACM Conference on Computer and Communications Security (pp. 375-388). New York, New York, United States of America. doi:10.1145/1315245.1315292 Szappanos, G. (2007). Exepacker blacklisting. Virus Bulletin. Available: http://www.virusbtn.com/virusbulletin/archive/2007/10/vb200710-exepacker-blacklisting Collberg, C., Thomborson, C. & Low, D. (1997). A taxonomy of obfuscating transformations. Technical Report 148. Available: https://researchspace.auckland.ac.nz/bitstream/handle/2292/3491/TR148.pdf 1 We describe a novel method for malicious code obfuscation that uses code already present in systems: a pseudo-random number generator. This can also be seen as an antidisassembly and anti-debugging technique, depending on deploy- ment, because the actual code does not exist until run – it is generated dynamically by the pseudo-random number generator. A year’s worth of experiments are used to demonstrate that this technique is a viable code obfuscation option for a malicious adversary with access to large amounts of computing power. Obfuscation pseudo-random generator Code obfuscation using pseudo-random number generators Journal article https://revistas.usil.edu.pe/index.php/syh/article/download/25/26 2014-12-06T00:00:00Z 2014-12-06T00:00:00Z 2311-7915 2311-7613 https://revistas.usil.edu.pe/index.php/syh/article/view/25 41 54 2014-12-06 |
institution |
UNIVERSIDAD SAN IGNACIO DE LOYOLA |
thumbnail |
https://nuevo.metarevistas.org/USIL/logo.png |
country_str |
Perú |
collection |
Saber y Hacer |
title |
Ofuscación de código utilizando generadores de números pseudoaleatorios |
spellingShingle |
Ofuscación de código utilizando generadores de números pseudoaleatorios Nunes, Daniel M. Gutiérrez, Juan M. Aycock, John Obfuscation pseudo-random generator |
title_short |
Ofuscación de código utilizando generadores de números pseudoaleatorios |
title_full |
Ofuscación de código utilizando generadores de números pseudoaleatorios |
title_fullStr |
Ofuscación de código utilizando generadores de números pseudoaleatorios |
title_full_unstemmed |
Ofuscación de código utilizando generadores de números pseudoaleatorios |
title_sort |
ofuscación de código utilizando generadores de números pseudoaleatorios |
title_eng |
Code obfuscation using pseudo-random number generators |
description |
Se describe un nuevo método para la ofuscación de códigos maliciosos que utiliza códigos ya presentes en los sistemas: un generador de números pseudo-aleatorios. Esto también puede verse como una técnica anti-desmontaje y anti-depuración, dependiendo de su despliegue, debido a que el código real no existe hasta su ejecución - que se genera de forma dinámica por el generador de números pseudo-aleatorios. Se han usado xperimentos de todo un año para demostrar que esta técnica de ofuscación es viable para un adversario malicioso con acceso a una gran potencia computacional.
|
description_eng |
We describe a novel method for malicious code obfuscation that uses code already present in systems: a pseudo-random number generator. This can also be seen as an antidisassembly and anti-debugging technique, depending on deploy- ment, because the actual code does not exist until run – it is generated dynamically by the pseudo-random number generator. A year’s worth of experiments are used to demonstrate that this technique is a viable code obfuscation option for a malicious adversary with access to large amounts of computing power.
|
author |
Nunes, Daniel M. Gutiérrez, Juan M. Aycock, John |
author_facet |
Nunes, Daniel M. Gutiérrez, Juan M. Aycock, John |
topic |
Obfuscation pseudo-random generator |
topic_facet |
Obfuscation pseudo-random generator |
citationvolume |
1 |
citationissue |
1 |
publisher |
Universidad San Ignacio de Loyola |
ispartofjournal |
Saber y Hacer |
source |
https://revistas.usil.edu.pe/index.php/syh/article/view/25 |
language |
Español |
format |
Article |
rights |
info:eu-repo/semantics/openAccess http://purl.org/coar/access_right/c_abf2 https://creativecommons.org/licenses/by-nc-sa/4.0/ Saber y Hacer - 2014 |
references |
Aycock, J. & Friess, N. (2006). Spam zombies from outer space. 15th Annual EICAR Conference, pp. 164–179. Tiu, V. (2009). Confounded Conficker. Virus Bulletin, March, pp. 7–11. F-Secure (2009). Calculating the size of the Downadup outbreak. Weblog: News from the Lab, 16 January 2009. Available: http://www.f-secure.com/weblog/archives/00001584.html Finjan (2009). How a cybergang operates a network of 1.9 million infected computers. Available: http://www.finjan.com/MCRCblog.aspx?EntryId=2237 Porras, P., Saidi, H. & Yegneswaran, V. (2009). An analysis of Conficker’s logic and rendezvous points. SRI International Technical Report. Available: http://mtc.sri.com/Conficker Riordan, J. & Schneier, B. (1998). Environmental key generation towards clueless agents. Mobile Agents and Security, 1419, pp. 15–24. EICAR (2006). The anti-virus or anti-malware test file. Available: http://www.eicar.org/anti_virus_test_file.htm Ferrie, P. (2010). Anti-unpacker tricks. Virus Bulletin, May, pp. 4–9. Oreans Technology (2009). Code Virtualizer. Available: http://www.oreans.com/codevirtualizer.php VMPsoft (2009). VMProtect. Available: http://vmpsoft.com/ Debaere, E. & Van Campenhout, J. (1990). Intrepretation and Instruction Path Coprocessing. ACM SIGPLAN Notices, 25(9), pp. 7-9. Klint, P. (1981). Interpretation techniques. Software – Practice and Experience, 11(9), pp. 963–973. Kuenning, G. (2007). Mersenne Twist pseudorandom number generator package, version 1.20. Available: http://www.cs.hmc.edu/∼geoff/mtwist.html Toyofuku, T., Tabata, T. & Sakurai, K. (2005). Program obfuscation scheme using random numbers to complicate control flow. 1st International Workshop on Security in Ubiquitous Computing Systems, 3823, pp. 916-925. Friess, N., Aycock, J. & Vogt, R. (2008). Black market botnets. Department of Computer Science, University of Calgary 2500 University Drive N.W., Calgary, Alberta, Canada. Larkin, E. (2007). Storm worm’s virulence may change tactics. Network World, 2. Available: http://www.networkworld.com/news/2007/080207-black-hat-storm-worms-virulence.html Aycock, J., De Graaf, R. & Jacobson, M. (2006). Anti-disassembly using cryptographic hash functions. Journal in Computer Virology, 2(1), pp. 79–85. Hemmingsen, R., Aycock, J. & Jacobson, M. (2007). Spam, phishing, and the looming challenge of big botnets. EU Spam Symposium. White, S. (1989). Covert distributed processing with computer viruses. Advances in Cryptology – CRYPTO ’89 Proceedings, pp. 616– 619, LNCS 435. Shoch, J. & Hupp, J. (1982). The “worm” programs – early experience with a distributed computation. Communications of the ACM, 25(3), pp. 172–180. Anderson, D., Cobb, J., Korpela, E., Lebofsky, M. & Werthimer, D. (2002). SETI@home: An experiment in public-resource computing. Communications of the ACM, 45(11), pp. 56–61. Sharif, M., Lanzi, A., Giffin, J. & Lee, W. (2009). Automatic reverse engineering of malware emulators. IEEE Symposium on Security and Privacy. Georgia Institute of Technology, USA. Holz, T., Steiner, M., Dahl, F., Biersack, E. & Freiling, F. (2008). Measurements and mitigation of peer-to-peer-based botnets: A case study on Storm Worm. 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats. Available: https://www.usenix.org/legacy/events/leet08/tech/full_papers/holz/holz.pdf Sterling, T. (2005). Prosecutors say Dutch suspects hacked 1.5 million computers worldwide. Associated Press. Available: http://www.foxnews.com/story/2005/10/20/dutch-hackers-infected-15-million-computers/ Rajab, M., Zarfoss, J., Monrose, F. & Terzis, A. (2007). My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging. 1st Workshop on Hot Topics in Understanding Botnets (HotBots ’07). Available: https://www.usenix.org/legacy/event/hotbots07/tech/full_papers/rajab/rajab.pdf Franklin, J., Paxson, V., Perrig, A. & Savage, S. (2007). An inquiry into the nature and causes of the wealth of Internet miscreants. 14th ACM Conference on Computer and Communications Security (pp. 375-388). New York, New York, United States of America. doi:10.1145/1315245.1315292 Szappanos, G. (2007). Exepacker blacklisting. Virus Bulletin. Available: http://www.virusbtn.com/virusbulletin/archive/2007/10/vb200710-exepacker-blacklisting Collberg, C., Thomborson, C. & Low, D. (1997). A taxonomy of obfuscating transformations. Technical Report 148. Available: https://researchspace.auckland.ac.nz/bitstream/handle/2292/3491/TR148.pdf |
type_driver |
info:eu-repo/semantics/article |
type_coar |
http://purl.org/coar/resource_type/c_6501 |
type_version |
info:eu-repo/semantics/publishedVersion |
type_coarversion |
http://purl.org/coar/version/c_970fb48d4fbd8a85 |
type_content |
Text |
publishDate |
2014-12-06 |
date_accessioned |
2014-12-06T00:00:00Z |
date_available |
2014-12-06T00:00:00Z |
url |
https://revistas.usil.edu.pe/index.php/syh/article/view/25 |
url_doi |
https://revistas.usil.edu.pe/index.php/syh/article/view/25 |
issn |
2311-7915 |
eissn |
2311-7613 |
citationstartpage |
41 |
citationendpage |
54 |
url2_str_mv |
https://revistas.usil.edu.pe/index.php/syh/article/download/25/26 |
_version_ |
1797285481561456640 |