Evaluating Dynamic Binary Instrumentation Systems for Conspicuous Features and Artifacts

Evaluating Dynamic Binary Instrumentation Systems for Conspicuous Features and Artifacts

연구 분야: Cryptography

학회: Digital Threats: Research and Practice (DTRAP), Volume 3, Issue 2

Dynamic binary instrumentation (DBI) systems are a popular solution for prototyping heterogeneous program analyses and monitoring tools. Several works from academic and practitioner venues have questioned the transparency of DBI systems, with anti-analysis detection sequences being found already in malware and executable protectors. The present Field Note details new and established detection methods and evaluates recent versions of popular DBI systems against them. It also sets out reflections on potential remediations and alternatives available to security researchers for their daily needs. We make available a large collection of implemented detections, hoping it can help the community build better DBI runtimes and tools.