Frankenstein: Stitching Malware from Benign Binaries

Authors: 

Vishwath Mohan and Kevin W. Hamlen, University of Texas at Dallas

Abstract: 

This paper proposes a new self-camouflaging malware propagation system, Frankenstein, that overcomes shortcomings in the current generation of metamorphic malware. Specifically, although mutants produced by current state-of-the-art metamorphic engines are diverse, they still contain many characteristic binary features that reliably distinguish them from benign software.

Frankenstein forgoes the concept of a metamorphic engine and instead creates mutants by stitching together instructions from non-malicious programs that have been classified as benign by local defenses. This makes it more difficult for feature-based malware detectors to reliably use those byte sequences as a signature to detect the malware. The instruction sequence harvesting process leverages recent advances in gadget discovery for return-oriented programming. Preliminary tests show that mining just a few local programs is sufficient to provide enough gadgets to implement arbitrary functionality.

BibTeX
@inproceedings {179511,
title = {Frankenstein: Stitching Malware from Benign Binaries},
booktitle = {6th USENIX Workshop on Offensive Technologies (WOOT 12)},
year = {2012},
address = {Bellevue, WA},
url = {https://www.usenix.org/conference/woot12/workshop-program/presentation/Mohan},
publisher = {USENIX Association},
month = aug,
}
Comments

You know what would be cool?

Posted by universalbri
January 24, 2013 - 12:02 am