Litcius/Paper detail

Difuzer

Jordan Samhi, Li Li, Tegawendé F. Bissyandé, Jacques Klein

2022Proceedings of the 44th International Conference on Software Engineering26 citationsDOIOpen Access PDF

Abstract

One prominent tactic used to keep malicious behavior from being detected during dynamic test campaigns is logic bombs, where malicious operations are triggered only when specific conditions are satisfied. Defusing logic bombs remains an unsolved problem in the literature. In this work, we propose to investigate Suspicious Hidden Sensitive Operations (SHSOs) as a step towards triaging logic bombs. To that end, we develop a novel hybrid approach that combines static analysis and anomaly detection techniques to uncover SHSOs, which we predict as likely implementations of logic bombs. Concretely, Difuzer identifies SHSO entry-points using an instrumentation engine and an inter-procedural data-flow analysis. Then, it extracts trigger-specific features to characterize SHSOs and leverages One-Class SVM to implement an unsupervised learning model for detecting abnormal triggers.

Topics & Concepts

Computer scienceAnomaly detectionClass (philosophy)Support vector machineImplementationArtificial intelligenceSide channel attackMachine learningData miningProgramming languageComputer securityCryptographyAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionDigital and Cyber Forensics
Difuzer | Litcius