|
[1] P. Barham, B. Dragovic, et al., “Xen and the Art of Virtualization”, ACM, 2003 [2] F. Bellard. “QEMU, a Fast and Portable Dynamic Translator”, FREENIX Track: 2005 USENIX Annual Technical Conference [3] D. Brumley, “VinE Project Documentation” [4] D. Brumley, C. Hartwig, M. G. Kang, Z. Liang, J. Newsome, P. Poosankam, D. Song, and H. Yin, “BitScope: Automatically Dissecting Malicious Binaries”, Technical Report CMU-CS-07-133, School of Computer Science, Carnegie Mellon University, March 18, 2007 [5] D. Brumley, C. Hartwig, Z. Liang, J. Newsome, D. Song, and H. Yin. “Automatically Identifying Trigger-based Behavior in Malware”, Book chapter in "Botnet Analysis and Defense", Editors Wenke Lee et. al., 2007. [6] J. Caballero, H. Yin, Z. Liang, and D. Song. “Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis”, In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS), October 2007. [7] X. Chen, J. Andersen, Z.M. Mao, M. Bailey, and J. Nazario, “Towards an Understanding of Anti-virtualization and Anti-debugging Behavior in Modern Malware”, International Conference on Dependable Systems &Networks: Anchorage, Alaska, June 24-27 2008. [8] F.J. Damerau, “A technique for computer detection and correction of spelling errors”, Communications of the ACM, 1964. [9] A. Dinaburg, P. Royal, M. Sharif, and W. Lee, “Ether: Malware Analysis via Hardware Virtualization Extensions”, CCS‟08, October 27–31, 2008, Alexandria, Virginia, USA. [10] T. Ebringer, “Anti-Emulation Through Time-Lock Puzzles” [11] M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song, “Dynamic Spyware Analysis”, in Proceedings of USENIX Annual Technical Conference (Usenix'07), June 2007 [12] P. Ferrie, “Attacks on Virtual Machine Emulators”, Symantec Advanced Threat Research, 2006. [13] P. Ferrie, “Attacks on More Virtual Machine Emulators”, Symantec Technology Exchange, April 2007. [14] D. Gao, M. K. Reiter and D. Song, “Behavioral Distance for Intrusion Detection”, in Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005), Seattle, WA, USA, September 2005. [15] T. Garfinkel, K. Adams, A. Warfield, J. Franklin, “Compatibility is Not Transparency : VMM Detection Myths and Realities”, In the 11th Workshop on Hot Topics in Operating Systems (HOTOS-X). [16] R. Hamming, “Error detecting and error correcting codes”, Bell System Technical Journal 29 (2): 147–160. [17] M. A. Jaro, “Advances in record linking methodology as applied to the 1985 census of Tampa Florida”. Journal of the American Statistical Society 84 (406): 414–20. [18] M. G. Kang, P. Poosankam, and H. Yin. “Renovo: A Hidden Code Extractor for Packed Executables”, In Proceedings of the 5th ACM Workshop on Recurring Malcode (WORM), October 2007. [19] S. T. King, G. W. Dunlap, and P. M. Chen, “Operating System Support for Virtual Machines”, In Proceedings of the 2003 USENIX Technical Conference, pages 71-84, June 2003. [20] V. I. Levenshtein, “Binary codes capable of correcting deletions, insertions”, and reversals. Soviet Physics Doklady 10 (1966):707–710. [21] T. Liston and E. Skoudis, “On the Cutting Edge: Thwarting Virtual Machine Detection”, http://handlers.sans.org/tliston/ThwartingVMDetection Liston Skoudis.pdf, July 2006. [22] T. Ormandy, “An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments”, taviso.decsystem.org (Jan 2007). [23] T. Raffetseder, Ch. Krügel, E. Kirda, “Detecting System Emulators”, in Proceedings of the Information Security Conference (ISC ) 2007, 1 - 18. [24] K. Rieck, T. Holz, C. Willems, P. D¨ussel, and P. Laskov, “Learning and Classification of Malware Behavior”, Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) 2008. [25] J. S. Robin and C. E. Irvine, “Analysis of the Intel Pentium's ability to support a secure virtual machine monitor”, In Proceedings of the 9th USENIX Security Symposium, Denver, CO, August 2000. [26] D. T. Rogers, “A Framework for Dynamic Subversion Thesis”, June 2003. [27] P. H. Sellers. “On the theory and computation of evolutionary distances”, SIAM J. Appl. Math. [28] D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. G. Kang, Z. Liang, J. Newsome, P. Poosankam, and P. Saxena1 “BitBlaze: A New Approach to Computer Security via Binary Analysis”, Fourth International Conference on Information Systems Security (ICISS 2008). [29] W. E. Winkler, “The state of record linkage and current research problems”, Statistics of Income Division, Internal Revenue Service Publication R99/04. [30] H. Yin, Z. Liang, and D. Song, “HookFinder: Identifying and Understanding Malware Hooking Behaviors”, in Proceeding of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), February 2008. [31] H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda, “Capturing System-wide Information Flow for Malware Detection and Analysis”, 14th ACM Conference of Computer and Communication Security (CCS'07), October, 2007. [32] H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda, “Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis”, in Proceedings of the 14th ACM Conference of Computer and Communication Security (CCS'07), October, 2007. [33] BitBlaze Malware Analysis Service https://aerie.cs.berkeley.edu/index.php [34] CaptureBAT, https://www.honeynet.org/node/315 [35] Ida pro, http://www.hex-rays.com/idapro/ [36] Process Monitor, http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx [37] PuTTY, http://www.chiark.greenend.org.uk/~sgtatham/putty/ [38] QEMU, http://bellard.org/qemu/ [39] Red pill, http://invisiblethings.org/papers/redpill.html [40] ScoopyNG http://www.trapkit.de/research/vmm/scoopydoo/index.html [41] SRI malware threat center, http://mtc.sri.com/ [42] Symantec Global Internet Security Threat Report, (Trends for 2008) [43] VirtualBox, http://www.virtualbox.org/ [44] VMware, https://www.vmware.com [45] Wikipedia, http://en.wikipedia.org/
|