ENVIRONMENTAL MONITORING DETECTOR
Publisher
The University of Arizona.Rights
Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.Abstract
Malware authors have developed many techniques that allow a malicious program to change its behavior, many of which require information from the computing environment. To fully understand how malware will affect a system, all behaviors it can exhibit need to be examined, so tools are needed that can expose when malware uses information from its environment to change its behavior. This project created such a tool called the environmental monitoring detector that will run a malicious program and search for cases of environmental monitoring while the malware is running. The tool is able to detect when a program uses environmental information to conditionally change its execution path; however, it has been found to be ineffective against obfuscated programs due to the lack of instruction specific taint propagation policies.Type
textElectronic Thesis
Degree Name
B.S.Degree Level
BachelorsDegree Program
Honors CollegeComputer Science