Mitigating Anti-Instrumentation Techniques in DBI: Overhead and Transparency-Based Countermeasures

  • Francisco S. S. Neto UFAM
  • Henrique B. Campelo UFAM
  • Euler V. Silva UFAM / IFAM
  • Eduardo L. Feitosa UFAM

Abstract


In this paper, we introduce three new countermeasures to mitigate overhead- and transparency-based anti-instrumentation techniques employed by context-aware malware to detect the presence of Dynamic Binary Instrumentation (DBI). We validated these countermeasures through proofs-of-concept in a controlled environment. The results indicate that it is possible to reduce the attack surface of such malware, promoting greater transparency and resilience in DBI-instrumented environments.

Published
2025-09-01
S. NETO, Francisco S.; CAMPELO, Henrique B.; SILVA, Euler V.; FEITOSA, Eduardo L. Mitigating Anti-Instrumentation Techniques in DBI: Overhead and Transparency-Based Countermeasures. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 1114-1121. DOI: https://doi.org/10.5753/sbseg.2025.10441.
