Panorama: capturing system-wide information flow for malware detection and analysis. Malicious programs spy on users’ behavior and compromise their privacy. Even software from reputable vendors, such as Google Desktop and Sony DRM media player, may perform undesirable actions. Unfortunately, existing techniques for detecting malware and analyzing unknown code samples are insufficient and have significant shortcomings. We observe that malicious information access and processing behavior is the fundamental trait of numerous malware categories breaching users’ privacy (including keyloggers, password thieves, network sniffers, stealth backdoors, spyware and rootkits), which separates these malicious applications from benign software. We propose a system, Panorama, to detect and analyze malware by capturing this fundamental trait. In our extensive experiments, Panorama successfully detected all the malware samples and had very few false positives. Furthermore, by using Google Desktop as a case study, we show that our system can accurately capture its information access and processing behavior, and we can confirm that it does send back sensitive information to remote servers in certain settings. We believe that a system such as Panorama will offer indispensable assistance to code analysts and malware researchers by enabling them to quickly comprehend the behavior and innerworkings of an unknown sample

Keywords for this software

Anything in here will be replaced on browsers that support the canvas element

References in zbMATH (referenced in 3 articles )

Showing results 1 to 3 of 3.
Sorted by year (citations)

  1. Ferrara, Pietro; Olivieri, Luca; Spoto, Fausto: \textsfBackFlow: backward context-sensitive flow reconstruction of taint analysis results (2020)
  2. Qi, Biao; Shi, Zhixin; Wang, Yan; Wang, Jizhi; Wang, Qiwen; Jiang, Jianguo: BotTokenizer: exploring network tokens of HTTP-based botnet using malicious network traces (2018)
  3. Zhang, Ruoyu; Huang, Shiqiu; Qi, Zhengwei; Guan, Haibing: Static program analysis assisted dynamic taint tracking for software vulnerability discovery (2012) ioport