Software security paper list
This repository contains a curated list of papers relevant to:
- software security;
- program analysis; and
- systems security.
The list is divided into sub-topics and includes a sub-topic called "General" for papers that either have not been sorted into a sub-topic yet or do not fit into any of the others.
This list is maintained by:
PRs are very welcome.
Download all automatically
The `auto_download.py` script can be used to download either all of the papers or the papers for a given sub-topic. `auto_download.py` will create a directory `out` in the current working directory if it does not already exist. Then it will create another folder in `out` with the name of the sub-topic you are choosing to download, or `All` in case you download all papers.
Example uses:
```shell
# Download all papers
python ./auto_download.py All
# Download all papers related to Fuzzing
python ./auto_download.py Fuzzing
# Download all papers related to Malware
python ./auto_download.py Malware
```
Other paper lists
Papers
Table of contents:
- General
- Android
- Control-flow integrity
- Cyber-physical
- Symbolic execution
- Program instrumentation
- Sanitizer
- Virtualisation
- Fuzzing
- Malware
- Binary analysis
General
- Bag of On-Phone ANNs to Secure IoT Objects Using Wearable and Smartphone Biometrics
- A Randomized Dynamic Program Analysis Technique for Detecting Real Deadlocks
- Randomized Active Atomicity Violation Detection in Concurrent Programs
- Privacy Oracle: a System for Finding Application Leaks with Black Box Differential Testing
- TypeSan: Practical Type Confusion Detection
- HexType: Efficient Detection of Type Confusion Errors for C++
- Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs
- Vulcan Binary transformation in a distributed environment
- Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features
- Path-Exploration Lifting: Hi-Fi Tests for Lo-Fi Emulators
- Robust Signatures for Kernel Data Structures
- DELTA: A Security Assessment Framework for Software-Defined Networks
- Simplifying and Isolating Failure-Inducing Input
- Fitness-Guided Path Exploration in Dynamic Symbolic Execution
- Enforceable Security Policies
- Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner
- Feedback-directed Random Test Generation
- Probability-Based Parameter Selection for Black-Box Fuzz Testing
- FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications
- Representation Dependence Testing using Program Inversion
- Deriving Input Syntactic Structure From Execution
- SoftBound: Highly Compatible and Complete Spatial Memory Safety for C
- CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines
- CETS: Compiler-Enforced Temporal Safety for C
- Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
- NEZHA: Efficient Domain-Independent Differential Testing
- Prospex: Protocol Specification Extraction
- Understanding Integer Overflow in C/C++
- Polyglot: Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis
- QTEP: Quality-Aware Test Case Prioritization
- Race Directed Random Testing of Concurrent Programs
- Type Casting Verification: Stopping an Emerging Attack Vector
- Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior
- Disco: Running commodity operating systems on scalable multiprocessors
- Jump-Oriented Programming: A New Class of Code-Reuse Attack
- Can DREs Provide Long-Lasting Security? The Case of Return-Oriented Programming and the AVC Advantage
- Decoupling dynamic program analysis from execution in virtual environments
- Understanding data lifetime via whole system simulation
- Minos: Control Data Attack Prevention Orthogonal to Memory Model
- Tainting is Not Pointless
- Size Does Matter: Why Using Gadget-Chain Length to Prevent Code-Reuse Attacks is Hard
- ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks
- A virtual machine based information flow control system for policy enforcement
- The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86)
- SPIDER: Enabling Fast Patch Propagation In Related Software Repositories
- HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation
- PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists
- Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers
- Sleak: automating address space layout derandomization
- Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues
- GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM
- Measuring E-mail header injections on the world wide web
- Detecting Deceptive Reviews Using Generative Adversarial Networks
- HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security
- Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks
- Exploitation and Mitigation of Authentication Schemes Based on Device-Public Information
- Piston: Uncooperative Remote Runtime Patching
- Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
- Gossip: Automatically Identifying Malicious Domains from Mailing List Discussions
- POISED: Spotting Twitter Spam Off the Beaten Paths
- How Shall We Play a Game?: A Game-theoretical Model for Cyber-warfare Games
- Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
- BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments
- Something from Nothing (There): Collecting Global IPv6 Datasets from DNS
- BootStomp: On the Security of Bootloaders in Mobile Devices
- DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers
- Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory
- SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis
- Quickly generating diverse valid test inputs with reinforcement learning
- Mining Temporal Properties of Data Invariants
- General LTL Specification Mining
- Investigating Program Behavior Using the Texada LTL Specifications Miner
- Know Your Achilles' Heel: Automatic Detection of Network Critical Services
- Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
- EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services
- Meerkat: Detecting Website Defacements through Image-based Object Recognition
- How the ELF Ruined Christmas
- ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
- Framing Dependencies Introduced by Underground Commoditization
- The harvester, the botmaster, and the spammer: on the relations between the different actors in the spam landscape
- PExy: The Other Side of Exploit Kits
- The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements
- Rippler: Delay injection for service dependency detection
- Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection
- Extracting probable command and control signatures for detecting botnets
- Stranger danger: exploring the ecosystem of ad-based URL shortening services
- Relevant change detection: a framework for the precise extraction of modified and novel web-based content as a filtering technique for analysis engines
- Message in a bottle: sailing past censorship
- deDacota: toward preventing server-side XSS via automatic code and data separation
- Follow the green: growth and dynamics in twitter follower markets
- COMPA: Detecting Compromised Accounts on Social Networks
- Clickonomics: Determining the Effect of Anti-Piracy Measures for One-Click Hosting
- Practical Attacks against the I2P Network
- EARs in the wild: large-scale analysis of execution after redirect vulnerabilities
- Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting
- Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
- Steal This Movie: Automatically Bypassing DRM Protection in Streaming Media Services
- Two years of short URLs internet measurement: security threats and countermeasures
- PeerPress: utilizing enemies' P2P strength against them
- You are what you include: large-scale evaluation of remote javascript inclusions
- Tracking Memory Writes for Malware Classification and Code Reuse Identification
- ViewPoints: differential string analysis for discovering client- and server-side input validation inconsistencies
- A quantitative study of accuracy in system call-based malware detection
- Enforcing dynamic spectrum access with spectrum permits
- Detecting social cliques for automated privacy control in online social networks
- B@bel: Leveraging Email Delivery for Spam Mitigation
- PUBCRAWL: Protecting Users and Businesses from CRAWLers
- Poultry markets: on the underground economy of twitter followers
- Past-sensitive pointer analysis for symbolic execution
- MVEDSUA: Higher Availability Dynamic Software Updates via Multi-Version Execution
- Computing summaries of string loops in C for better testing and refactoring
- A segmented memory model for symbolic execution
- FreeDA: deploying incompatible stock dynamic analyses in production via multi-version execution
- RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization
- BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy
- SMoTherSpectre: Exploiting Speculative Execution through Port Contention
- PoLPer: Process-Aware Restriction of Over-Privileged Setuid Calls in Legacy Applications
- BenchIoT: A Security Benchmark for the Internet of Things
- Butterfly Attack: Adversarial Manipulation of Temporal Properties of Cyber-Physical Systems
- SoK: Shining Light on Shadow Stacks
- Pythia: Remote Oracles for the Masses
- CUP: Comprehensive User-Space Protection for C/C++
- Milkomeda: Safeguarding the Mobile GPU Interface Using WebGL Security Checks
- Block Oriented Programming: Automating Data-Only Attacks
- CFIXX: Object Type Integrity for C++
- ACES: Automatic Compartments for Embedded Systems
- Memory Safety for Embedded Devices with nesCheck
- DataShield: Configurable Data Confidentiality and Integrity
- Protecting Bare-Metal Embedded Systems with Privilege Overlays
- Venerable Variadic Vulnerabilities Vanquished
- One Process to Reap Them All: Garbage Collection as-a-Service
- Enforcing Least Privilege Memory Views for Multithreaded Applications
- Forgery-Resistant Touch-based Authentication on Mobile Devices
- VTrust: Regaining Trust on Virtual Calls
- PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution
- Klotski: Efficient Obfuscated Execution against Controlled-Channel Attacks
- PatchScope: Memory Object Centric Patch Diffing
- Chaser: An Enhanced Fault Injection Tool for Tracing Soft Errors in MPI Applications
- ChaffyScript: Vulnerability-Agnostic Defense of JavaScript Exploits via Memory Perturbation
- Extracting Conditional Formulas for Cross-Platform Bug Search
- Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection
- SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap
- BakingTimer: privacy analysis of server-side request processing time
- Data-Confined HTML5 Applications
- SoK: Eternal War in Memory
- High System-Code Security with Low Overhead
- Code-Pointer Integrity
- -OVERIFY: Optimizing Programs for Fast Verification
Android
- Android Permissions Demystified
- IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware
- PScout: Analyzing the Android Permission Specification
- Broken Fingers: On the Usage of the Fingerprint API in Android
- Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy
- TriggerScope: Towards Detecting Logic Bombs in Android Applications
- BareDroid: Large-Scale Analysis of Android Apps on Real Devices
- Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications
- NJAS: Sandboxing Unmodified Applications in non-rooted Devices Running stock Android
- On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users
- EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework
- CLAPP: characterizing loops in Android applications
- What the App is That? Deception and Countermeasures in the Android User Interface
- Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications
- An empirical study of cryptographic misuse in android applications
- Automatic Generation of Non-intrusive Updates for Third-Party Libraries in Android Applications
- Parallel Space Traveling: A Security Analysis of App-Level Virtualization in Android
Control-flow integrity
- Fine-Grained Control-Flow Integrity for Kernel Software
- Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection
- Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM
Cyber-physical
Symbolic execution
- Symbolic Execution and Program Testing
- DART: Directed Automated Random Testing
- Directed Greybox Fuzzing
- The S2E Platform: Design, Implementation, and Applications
- S2E: A Platform for In-Vivo Multi-Path Analysis of Software Systems
- KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs
- EXE: Automatically Generating Inputs of Death
- CUTE: A Concolic Unit Testing Engine for C
- QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
- All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask)
- CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems
- Driller: Augmenting Fuzzing Through Selective Symbolic Execution
- Enhancing Symbolic Execution with Veritesting
- SYMBION: Interleaving Symbolic with Concrete Execution
- AutoPandas: Neural-Backed Generators for Program Synthesis
- Chopped symbolic execution
- PARTI: a multi-interval theory solver for symbolic execution
- Accelerating array constraints in symbolic execution
- Automatic testing of symbolic execution engines via program generation and differential testing
- Floating-point symbolic execution: a case study in n-version programming
- A DSL Approach to Reconcile Equivalent Divergent Program Executions
- Analysing the program analyser
- Shadow of a doubt: testing for divergences between software versions
- Symbooglix: A Symbolic Execution Engine for Boogie Programs
- VARAN the Unbelievable: An Efficient N-version Execution Framework
- Targeted program transformations for symbolic execution
- Shadow symbolic execution for better testing of evolving software
- Covrig: a framework for the analysis of code, test, and coverage evolution in real software
- Multi-solver Support in Symbolic Execution
- Efficient State Merging in Symbolic Execution
- Testing Closed-Source Binary Device Drivers with DDT
- Running symbolic execution forever
Program instrumentation
- Valgrind: A framework for heavyweight dynamic binary instrumentation
- Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation
- LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation
- PEBIL: Efficient Static Binary Instrumentation for Linux
- DECAF++: Elastic Whole-System Dynamic Taint Analysis
- Make It Work, Make It Right, Make It Fast: Building a Platform-Neutral Whole-System Dynamic Binary Analysis Platform
- Repeatable Reverse Engineering for the Greater Good with PANDA
Sanitizer
- AddressSanitizer: A Fast Address Sanity Checker
- MemorySanitizer: fast detector of uninitialized memory use in C++
- ThreadSanitizer – data race detection in practice
- FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
Virtualisation
- Xen and the Art of Virtualization
- QEMU, a Fast and Portable Dynamic Translator
- KVM: the Linux Virtual Machine Monitor
- Virtualization without direct execution or jitting: Designing a portable virtual machine infrastructure
- Argos: an emulator for fingerprinting zero-day attacks
- Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities
Fuzzing
- USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation
- FirmFuzz: Automated IoT Firmware Introspection and Analysis
- Evaluating Fuzz Testing
- Billions and Billions of Constraints: Whitebox Fuzz Testing in Production
- Fuzzing: The State of the Art
- Automated Test Input Generation for Android: Are We There Yet?
- Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing
- Scheduling Black-box Mutational Fuzzing
- T-Fuzz: Fuzzing by Program Transformation
- Hawkeye: Towards a Desired Directed Grey-box Fuzzer
- Taint-based Directed Whitebox Fuzzing
- Detecting Atomic-Set Serializability Violations in Multithreaded Programs through Active Randomized Testing
- Statically-Directed Dynamic Automated Test Generation
- Systematic Fuzzing and Testing of TLS Libraries
- STADS: Software Testing as Species Discovery
- PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
- Random Testing for Security: Blackbox vs. Whitebox Fuzzing
- perf fuzzer: Targeted Fuzzing of the perf_event_open() System Call
- PULSAR: Stateful Black-Box Fuzzing of Proprietary Network Protocols
- Learn&Fuzz: Machine Learning for Input Fuzzing
- Model-Based Whitebox Fuzzing for Program Binaries
- FairFuzz: A Targeted Mutation Strategy for Increasing Greybox Fuzz Testing Coverage
- LZfuzz: a fast compression-based fuzzer for poorly documented protocols
- jFuzz: A Concolic Whitebox Fuzzer for Java
- T-Fuzz: Model-Based Fuzzing for Robustness Testing of Telecommunication Protocols
- VUzzer: Application-aware Evolutionary Fuzzing
- MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation
- Automated Whitebox Fuzz Testing
- KameleonFuzz: Evolutionary Fuzzing for Black-Box XSS Detection
- Grammar-based Whitebox Fuzzing
- Skyfire: Data-Driven Seed Generation for Fuzzing
- CollAFL: Path Sensitive Fuzzing
- PerfFuzz: Automatically Generating Pathological Inputs
- Pex: White Box Test Generation for .NET
- IMF: Inferred Model-based Fuzzer
- Many-Core Compiler Fuzzing
- QuickFuzz: An Automatic Random Fuzzer for Common File Formats
- Steelix: program-state based binary fuzzing
- kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
- Fuzzing with Code Fragments
- Optimizing Seed Selection for Fuzzing
- Protocol State Fuzzing of TLS Implementations
- Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution
- A Framework for File Format Fuzzing with Genetic Algorithms
- Differential Testing for Software
- Effective Random Testing of Concurrent Programs
- HFL: Hybrid Fuzzing on the Linux Kernel
- HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing
- HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
- Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization
- REDQUEEN: Fuzzing with Input-to-State Correspondence
- Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications
- INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing
- IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing
- What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
- Fuzzing JavaScript Engines with Aspect-preserving Mutation
- IJON: Exploring Deep State Spaces via Fuzzing
- Krace: Data Race Fuzzing for Kernel File Systems
- Pangolin: Incremental Hybrid Fuzzing with Polyhedral Path Abstraction
- Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing
- Fuzzing File Systems via Two-Dimensional Input Space Exploration
- NEUZZ: Efficient Fuzzing with Neural Program Smoothing
- Razzer: Finding Kernel Race Bugs through Fuzzing
- Program-Adaptive Mutational Fuzzing
- TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection
- FANS: Fuzzing Android Native System Services via Automated Interface Analysis
- Analysis of DTLS Implementations Using Protocol State Fuzzing
- EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit
- Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection
- FuzzGen: Automatic Fuzzer Generation
- ParmeSan: Sanitizer-guided Greybox Fuzzing
- SpecFuzz: Bringing Spectre-type vulnerabilities to the surface
- FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning
- Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
- GREYONE: Data Flow Sensitive Fuzzing
- Fuzzification: Anti-Fuzzing Techniques
- AntiFuzz: Impeding Fuzzing Audits of Binary Executables
- Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems
- OSS-Fuzz - Google's continuous fuzzing service for open source software
- Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing
- Learning to Fuzz from Symbolic Execution with Application to Smart Contracts
- Matryoshka: fuzzing deeply nested branches
- SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
- AFL-based Fuzzing for Java with Kelinci
- SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities
- DIFUZE: Interface Aware Fuzzing for Kernel Drivers
- Coverage-based Greybox Fuzzing as Markov Chain
- eFuzz: A Fuzzer for DLMS/COSEM Electricity Meters
- Taming compiler fuzzers
- SAGE: whitebox fuzzing for security testing
- Synthesizing Racy Tests
- Coverage-Directed Differential Testing of JVM Implementations
- Synthesizing Program Input Grammars
- Angora: Efficient Fuzzing by Principled Search
- Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File
- IFuzzer: An Evolutionary Interpreter Fuzzer using Genetic Programming
- Designing New Operating Primitives to Improve Fuzzing Performance
- Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations
- Automated Testing for SQL Injection Vulnerabilities: An Input Mutation Approach
- Turning Programs against Each Other: High Coverage Fuzz-Testing using Binary-Code Mutation and Dynamic Slicing
- KiF: A stateful SIP Fuzzer
- GRT: Program-Analysis-Guided Random Testing
- Autodafe: an Act of Software Torture
- Singularity: Pattern Fuzzing for Worst Case Complexity
- Exploring Abstraction Functions in Fuzzing
- FuzzFactory: domain-specific fuzzing with waypoints
- Zest: Validity Fuzzing and Parametric Generators for Effective Random Testing
- Semantic fuzzing with zest
- JQF: coverage-guided property-based testing in Java
- FUDGE: fuzz driver generation at scale
- FairFuzz: Targeting Rare Branches to Rapidly Increase Greybox Fuzz Testing Coverage
- FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation
- Be Sensitive and Collaborative: Analyzing Impact of Coverage Metrics in Greybox Fuzzing
- Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing
Malware
- An Abstract Theory of Computer Viruses
- Precise system-wide concatic malware unpacking
- A characterisation of system-wide propagation in the malware landscape
- Capturing Malware Propagations with Code Injections and Code-Reuse Attacks
- System-level support for intrusion recovery
- RePEconstruct: reconstructing binaries with self-modifying code and import address table destruction
- Automated classification and analysis of internet malware
- WYSINWYX: What You See Is Not What You eXecute
- Quincy: Detecting Host-Based Code Injection Attacks in Memory Dumps
- Bee master: Detecting host-based code injection attacks
- Host-based code injection attacks: A popular technique used by malware
- Scalable, Behavior-Based Malware Clustering
- A View on Current Malware Behaviors
- Dynamic analysis of malicious code
- Behavior abstraction in malware analysis
- Detecting Hardware-Assisted Virtualization
- BitScope: Automatically Dissecting Malicious Binaries
- On the Limits of Information Flow Techniques for Malware Analysis and Containment
- Understanding Linux Malware
- Ether: Malware Analysis via Hardware Virtualization Extensions
- Dynamic Spyware Analysis
- A Survey on Automated Dynamic Malware Analysis Techniques and Tools
- CodeXt: Automatic Extraction of Obfuscated Attack Code from Memory Dump
- A Survey of Mobile Malware in the Wild
- Attacks on More Virtual Machine Emulators
- Malware as interaction machines: A new framework for behavior modelling
- Malware dynamic recompilation
- Secure and advanced unpacking using computer emulation
- Renovo: A Hidden Code Extractor for Packed Executables
- Emulating Emulation-Resistant Malware
- Backtracking intrusions
- Counteracting Data-Only Malware with Code Pointer Examination
- The power of procrastination: Detection and mitigation of execution-stalling malicious code
- Polymorphic worm detection using structural information of executables
- Static disassembly of obfuscated binaries
- Testing Closed-Source Binary Device Drivers with DDT
- The dropper effect: Insights into malware distribution with downloader graph analytics
- Exploiting diverse observation perspectives to get insights on the malware landscape
- Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system
- Graph matching networks for learning the similarity of graph structured objects
- Detecting environment-sensitive malware
- OmniUnpack: Fast, generic, and safe unpacking of malware
- Exploring multiple execution paths for malware analysis
- Malpedia: A collaborative effort to inventorize the malware landscape
- ROP payload detection using speculative code execution
- Sweetbait: Zero-hour worm detection and containment using low- and high-interaction honeypots
- Paranoid Android: Versatile protection for smartphones
- Detecting system emulators
- Large-scale analysis of malware downloaders
- Prudent practices for designing malware experiments: Status quo and outlook
- PolyUnpack: Automating the hidden-code extraction of unpack-executing malware
- AVCLASS: A Tool for Massive Malware Labeling
- A fast automaton-based method for detecting anomalous program behaviors
- Malrec: Compact full-trace malware recording for retrospective deep analysis
- Eureka: A framework for enabling static malware analysis
- Pointless tainting?: Evaluating the practicality of pointer tainting
- DeepMem: Learning graph neural network models for fast and robust memory forensic analysis
- SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers
- Evading android runtime analysis via sandbox detection
- Persistent data-only malware: Function hooks without code
- Deep ground truth analysis of current android malware
- MOSE: Live migration based on-the-fly software emulation
- Toward automated dynamic malware analysis using CWSandbox
- CXPInspector: Hypervisor-based, hardware-assisted system monitoring
- A generic approach to automatic deobfuscation of executable code
- Symbolic execution of obfuscated code
- V2E: Combining hardware virtualization and software emulation for transparent and extensible malware analysis
- DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis
- Panorama: Capturing system-wide information flow for malware detection and analysis
- Dissecting android malware: Characterization and Evolution
- Abusing File Processing in Malware Detectors for Fun and Profit
- Input Generation via Decomposition and Re-Stitching: Finding Bugs in Malware
- Hulk: Eliciting Malicious Behavior in Browser Extensions
- Mining specifications of malicious behavior
- When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features
- Neurlux: dynamic malware analysis without feature engineering
- Using Loops For Malware Classification Resilient to Feature-unaware Perturbations
- Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates
- MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense
- Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps
- JSForce: A Forced Execution Engine for Malicious JavaScript Detection
- Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation
- Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis
- malWASH: Washing Malware to Evade Dynamic Analysis
- Jarhead: Analysis and detection of malicious Java applets
- Blacksheep: detecting compromised hosts in homogeneous crowds
- BareCloud: Bare-metal Analysis-based Evasive Malware Detection
- Making Malory Behave Maliciously: Targeted Fuzzing of Android Execution Environments
- A Static, Packer-Agnostic Filter to Detect Similar Malware Samples
- FlashDetect: ActionScript 3 Malware Detection
Binary analysis
- ByteWeight: Learning to Recognize Functions in Binary Code
- CoDisasm: Medium Scale Concatic Disassembly of Self-Modifying Binaries with Overlapping Instructions
- Minemu: The World’s Fastest Taint Tracker
- When good instructions go bad: Generalizing return-oriented programming to RISC
- An API for Runtime Code Patching
- Reverse Engineering of Binary Device Drivers with RevNIC
- https://apps.dtic.mil/sti/pdfs/AD1034415.pdf
- Graph-based comparison of executable objects
- TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
- Structural Comparison of Executable Objects
- Labeling library functions in stripped binaries
- Jakstab: A static analysis platform for binaries
- Learning to Analyze Binary Computer Code
- Architecture-independent dynamic information flow tracking
- Decompilation of binary programs
- A Platform for Secure Static Binary Instrumentation
- Tupni: Automatic Reverse Engineering of Input Formats
- RETracer: Triaging Crashes by Reverse Execution from Partial Memory Dumps
- Cryptographic Function Detection in Obfuscated Binaries via Bit-precise Symbolic Loop Mapping
- Karonte: Detecting Insecure Multi-binary Interactions in Embedded Firmware
- BootKeeper: Validating Software Integrity Properties on Boot Firmware Images
- BinTrimmer: Towards Static Binary Debloating Through Abstract Interpretation
- Ramblr: Making Reassembly Great Again
- rev.ng: a unified binary analysis framework to recover CFGs and function boundaries
- Enabling sophisticated analyses of x86 binaries with RevGen
- HI-CFG: Construction by Binary Analysis and Application to Attack Polymorphism
- DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing