Sort:
Regular Paper Issue
WOWAF: Enhanced Dynamic Binary Analysis Framework Targeting Windows-on-Windows 64-Bit Environments
Journal of Computer Science and Technology 2026, 41(2): 825-842
Published: 31 March 2026
Abstract Collect

Dynamic binary program analysis plays a crucial role in software vulnerability discovery and malicious code analysis. While 64-bit computing environments have become prevalent, numerous applications still utilize their 32-bit counterparts due to factors such as compatibility considerations, including both regular software and malware. Traditional dynamic analysis frameworks are not optimized for the analysis of 32-bit and mixed-mode programs. As a result, they often encounter issues such as anomalies and performance problems when applied to specific application analysis. To address these issues, this paper proposes WOWAF, an enhanced dynamic binary analysis framework tailored for Windows-on-Windows 64-bit (WOW64) environments that enables efficient fine-grained analysis of target applications. The framework is implemented on the built-in emulator in 64-bit Windows operating systems, facilitating effective and stable analysis of both pure 32-bit programs and mixed applications. By leveraging kernel features, the framework facilitates dynamic instrumentation of target programs, while incorporating a novel shadow memory allocation management scheme to minimize impact on program execution, and demonstrates its good deployment feasibility. The effectiveness of WOWAF is validated through comprehensive evaluations of diverse applications in real-world environments, such as exploit programs and evasive malware samples. Additionally, systematic benchmark experiments further demonstrate its strong analytical performance.

Open Access Issue
Malware Evasion Attacks Against IoT and Other Devices: An Empirical Study
Tsinghua Science and Technology 2024, 29(1): 127-142
Published: 21 August 2023
Abstract PDF (3.4 MB) Collect
Downloads:73

The Internet of Things (IoT) has grown rapidly due to artificial intelligence driven edge computing. While enabling many new functions, edge computing devices expand the vulnerability surface and have become the target of malware attacks. Moreover, attackers have used advanced techniques to evade defenses by transforming their malware into functionality-preserving variants. We systematically analyze such evasion attacks and conduct a large-scale empirical study in this paper to evaluate their impact on security. More specifically, we focus on two forms of evasion attacks: obfuscation and adversarial attacks. To the best of our knowledge, this paper is the first to investigate and contrast the two families of evasion attacks systematically. We apply 10 obfuscation attacks and 9 adversarial attacks to 2870 malware examples. The obtained findings are as follows. (1) Commercial Off-The-Shelf (COTS) malware detectors are vulnerable to evasion attacks. (2) Adversarial attacks affect COTS malware detectors slightly more effectively than obfuscated malware examples. (3) Code similarity detection approaches can be affected by obfuscated examples and are barely affected by adversarial attacks. (4) These attacks can preserve the functionality of original malware examples.

Total 2