GPU-assisted malware

Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis

Research output: Contribution to journalArticle

5 Citations (Scopus)

Abstract

Malware writers constantly seek new methods to increase the infection lifetime of their malicious software. To that end, techniques such as code unpacking and polymorphism have become the norm for hindering automated or manual malware analysis and evading virus scanners. In this paper, we demonstrate how malware can take advantage of the ubiquitous and powerful graphics processing unit (GPU) to increase its robustness against analysis and detection. We present the design and implementation of brute-force unpacking and runtime polymorphism, two code armoring techniques based on the general-purpose computing capabilities of modern graphics processors. By running part of the malicious code on a different processor architecture with ample computational power, these techniques pose significant challenges to existing malware detection and analysis systems, which are tailored to the analysis of CPU code. We also discuss how upcoming GPU features can be used to build even more robust and evasive malware, as well as directions for potential defenses against GPU-assisted malware.

Original languageEnglish
Pages (from-to)289-297
Number of pages9
JournalInternational Journal of Information Security
Volume14
Issue number3
DOIs
Publication statusPublished - 1 Jun 2015

Fingerprint

Polymorphism
Computer viruses
Graphics processing unit
Malware
Program processors
Computer systems

Keywords

  • Evasion
  • GPU
  • Malware

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this

GPU-assisted malware. / Vasiliadis, Giorgos; Polychronakis, Michalis; Ioannidis, Sotiris.

In: International Journal of Information Security, Vol. 14, No. 3, 01.06.2015, p. 289-297.

Research output: Contribution to journalArticle

Vasiliadis, Giorgos ; Polychronakis, Michalis ; Ioannidis, Sotiris. / GPU-assisted malware. In: International Journal of Information Security. 2015 ; Vol. 14, No. 3. pp. 289-297.
@article{fbb4ed64f317478ca45b4942d57180bf,
title = "GPU-assisted malware",
abstract = "Malware writers constantly seek new methods to increase the infection lifetime of their malicious software. To that end, techniques such as code unpacking and polymorphism have become the norm for hindering automated or manual malware analysis and evading virus scanners. In this paper, we demonstrate how malware can take advantage of the ubiquitous and powerful graphics processing unit (GPU) to increase its robustness against analysis and detection. We present the design and implementation of brute-force unpacking and runtime polymorphism, two code armoring techniques based on the general-purpose computing capabilities of modern graphics processors. By running part of the malicious code on a different processor architecture with ample computational power, these techniques pose significant challenges to existing malware detection and analysis systems, which are tailored to the analysis of CPU code. We also discuss how upcoming GPU features can be used to build even more robust and evasive malware, as well as directions for potential defenses against GPU-assisted malware.",
keywords = "Evasion, GPU, Malware",
author = "Giorgos Vasiliadis and Michalis Polychronakis and Sotiris Ioannidis",
year = "2015",
month = "6",
day = "1",
doi = "10.1007/s10207-014-0262-9",
language = "English",
volume = "14",
pages = "289--297",
journal = "International Journal of Information Security",
issn = "1615-5262",
publisher = "Springer Verlag",
number = "3",

}

TY - JOUR

T1 - GPU-assisted malware

AU - Vasiliadis, Giorgos

AU - Polychronakis, Michalis

AU - Ioannidis, Sotiris

PY - 2015/6/1

Y1 - 2015/6/1

N2 - Malware writers constantly seek new methods to increase the infection lifetime of their malicious software. To that end, techniques such as code unpacking and polymorphism have become the norm for hindering automated or manual malware analysis and evading virus scanners. In this paper, we demonstrate how malware can take advantage of the ubiquitous and powerful graphics processing unit (GPU) to increase its robustness against analysis and detection. We present the design and implementation of brute-force unpacking and runtime polymorphism, two code armoring techniques based on the general-purpose computing capabilities of modern graphics processors. By running part of the malicious code on a different processor architecture with ample computational power, these techniques pose significant challenges to existing malware detection and analysis systems, which are tailored to the analysis of CPU code. We also discuss how upcoming GPU features can be used to build even more robust and evasive malware, as well as directions for potential defenses against GPU-assisted malware.

AB - Malware writers constantly seek new methods to increase the infection lifetime of their malicious software. To that end, techniques such as code unpacking and polymorphism have become the norm for hindering automated or manual malware analysis and evading virus scanners. In this paper, we demonstrate how malware can take advantage of the ubiquitous and powerful graphics processing unit (GPU) to increase its robustness against analysis and detection. We present the design and implementation of brute-force unpacking and runtime polymorphism, two code armoring techniques based on the general-purpose computing capabilities of modern graphics processors. By running part of the malicious code on a different processor architecture with ample computational power, these techniques pose significant challenges to existing malware detection and analysis systems, which are tailored to the analysis of CPU code. We also discuss how upcoming GPU features can be used to build even more robust and evasive malware, as well as directions for potential defenses against GPU-assisted malware.

KW - Evasion

KW - GPU

KW - Malware

UR - http://www.scopus.com/inward/record.url?scp=85027925896&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85027925896&partnerID=8YFLogxK

U2 - 10.1007/s10207-014-0262-9

DO - 10.1007/s10207-014-0262-9

M3 - Article

VL - 14

SP - 289

EP - 297

JO - International Journal of Information Security

JF - International Journal of Information Security

SN - 1615-5262

IS - 3

ER -