Bypassing Heaven's Gate Technique Using Black-Box Testing.
Sensors (Basel)
; 23(23)2023 Nov 26.
Article
em En
| MEDLINE
| ID: mdl-38067790
ABSTRACT
In recent years, the number and sophistication of malware attacks on computer systems have increased significantly. One technique employed by malware authors to evade detection and analysis, known as Heaven's Gate, enables 64-bit code to run within a 32-bit process. Heaven's Gate exploits a feature in the operating system that allows the transition from a 32-bit mode to a 64-bit mode during execution, enabling the malware to evade detection by security software designed to monitor only 32-bit processes. Heaven's Gate poses significant challenges for existing security tools, including dynamic binary instrumentation (DBI) tools, widely used for program analysis, unpacking, and de-virtualization. In this paper, we provide a comprehensive analysis of the Heaven's Gate technique. We also propose a novel approach to bypass the Heaven's Gate technique using black-box testing. Our experimental results show that the proposed approach effectively bypasses and prevents the Heaven's Gate technique and strengthens the capabilities of DBI tools in combating advanced malware threats.
Texto completo:
1
Coleções:
01-internacional
Base de dados:
MEDLINE
Idioma:
En
Revista:
Sensors (Basel)
Ano de publicação:
2023
Tipo de documento:
Article