1 documents found
Registration Number: 0220U103955, 0120U101800, R & D reports
Title: Research, analysis and modeling of modern threats to the security of information systems, technologies of counteraction to the systems of modern antivirus software using mechanisms of anti-virtualization, anti-emulation and protection against debugging.
Head: Novikov Oleksii M., Doctor of Technical Sciences
Registration Date: 02-12-2020
Organization: National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute"
Description: This technical report analyzes the methods of anti-virtualization, anti-emulation and protection against debugging used by malicious software and by attackers during targeted attacks. The methods considered make it possible to effectively counteract modern antivirus protection, EDR and intrusion detection systems. The study of anti-virtualization methods covers, in addition to the detection of popular virtualization tools based on VMware, VirtualBox, QEMU, BOCHS, Xen, Wine, Sandboxie and Cuckoo Sandbox, the Windows Sandbox that is part of Windows 10 2004, and analyzes methods for detecting tools based on it. The analysis of anti-emulation tools considers methods for automatically searching for emulation features based on fuzzing of Windows API functions. The software model of the AVLeak tool has been improved: antivirus scanning in a remote system is now possible without deploying additional software and without requirements on the antivirus setup process (no command-line utilities or local deployment required). The new methods of protection against debugging and dynamic analysis that are considered include methods of process injection (herpaderping), methods of blocking injected EDR code, and counteracting the interception of the Windows API at the user level. The results obtained can be used to improve the protection of information resources at the national level.
Product Description
Authors: Ilin Kostiantyn I, Ilin Mykola I, Alekseichuk Lesia B, Voitsekhovskyi Andrii V., Mazurenko Oksana A, Novikov Oleksii M, YAKOBCHUK DMYTRO І.
NRAT date: 2020-12-02
R & D report
Head: Novikov Oleksii M. Research, analysis and modeling of modern threats to the security of information systems, technologies of counteraction to the systems of modern antivirus software using mechanisms of anti-virtualization, anti-emulation and protection against debugging. National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute". № 0220U103955

Updated: 2026-03-19