Code obfuscation using pseudo-random number generators

We describe a new method for obfuscating malicious code that uses code already present on systems: a pseudo-random number generator. Depending on how it is deployed, this can also be seen as an anti-disassembly and anti-debugging technique, because the real code does not exist until execution: it is generated dynamically by the pseudo-random number generator. A year's worth of experiments are used to show that this obfuscation technique is viable for a malicious adversary with access to large amounts of computing power.

Saved in:

ISSN 2311-7915

eISSN 2311-7613

Volume 1

Published 2014-12-06

Pages 41-54

info:eu-repo/semantics/openAccess

http://purl.org/coar/access_right/c_abf2

Saber y Hacer - 2014

id 9987c7ed387146e9dd07b5edc252a06b
record_format ojs
institution UNIVERSIDAD SAN IGNACIO DE LOYOLA
country_str Perú
collection Saber y Hacer
title Code obfuscation using pseudo-random number generators
title_eng Code obfuscation using pseudo-random number generators
description We describe a new method for obfuscating malicious code that uses code already present on systems: a pseudo-random number generator. Depending on how it is deployed, this can also be seen as an anti-disassembly and anti-debugging technique, because the real code does not exist until execution: it is generated dynamically by the pseudo-random number generator. A year's worth of experiments are used to show that this obfuscation technique is viable for a malicious adversary with access to large amounts of computing power.
description_eng We describe a novel method for malicious code obfuscation that uses code already present in systems: a pseudo-random number generator. This can also be seen as an anti-disassembly and anti-debugging technique, depending on deployment, because the actual code does not exist until run – it is generated dynamically by the pseudo-random number generator. A year’s worth of experiments are used to demonstrate that this technique is a viable code obfuscation option for a malicious adversary with access to large amounts of computing power.
author Nunes, Daniel M.
Gutiérrez, Juan M.
Aycock, John
topic Obfuscation
pseudo-random
generator
citationvolume 1
citationissue 1
publisher Universidad San Ignacio de Loyola
ispartofjournal Saber y Hacer
source https://revistas.usil.edu.pe/index.php/syh/article/view/25
language Spanish
format Article
rights info:eu-repo/semantics/openAccess
http://purl.org/coar/access_right/c_abf2
https://creativecommons.org/licenses/by-nc-sa/4.0/
Saber y Hacer - 2014
type_driver info:eu-repo/semantics/article
type_coar http://purl.org/coar/resource_type/c_6501
type_version info:eu-repo/semantics/publishedVersion
type_coarversion http://purl.org/coar/version/c_970fb48d4fbd8a85
type_content Text
publishDate 2014-12-06
date_accessioned 2014-12-06T00:00:00Z
date_available 2014-12-06T00:00:00Z
url https://revistas.usil.edu.pe/index.php/syh/article/view/25
url_doi https://revistas.usil.edu.pe/index.php/syh/article/view/25
issn 2311-7915
eissn 2311-7613
citationstartpage 41
citationendpage 54
url2_str_mv https://revistas.usil.edu.pe/index.php/syh/article/download/25/26