Bypassing Heaven’s Gate Technique Using Black-Box Testing
In recent years, the number and sophistication of malware attacks on computer systems have increased significantly. One technique employed by malware authors to evade detection and analysis, known as Heaven’s Gate, enables 64-bit code to run within a 32-bit process. Heaven’s Gate exploits a feature in the operating system that allows the transition from a 32-bit mode to a 64-bit mode during execution, enabling the malware to evade detection by security software designed to monitor only 32-bit processes. Heaven’s Gate poses significant challenges for existing security tools, including dynamic binary instrumentation (DBI) tools, widely used for program analysis, unpacking, and de-virtualization. In this paper, we provide a comprehensive analysis of the Heaven’s Gate technique. We also propose a novel approach to bypass the Heaven’s Gate technique using black-box testing. Our experimental results show that the proposed approach effectively bypasses and prevents the Heaven’s Gate technique and strengthens the capabilities of DBI tools in combating advanced malware threats.

Main Authors: | Seon-Jin Hwang, Assem Utaliyeva, Jae-Seok Kim, Yoon-Ho Choi |
---|---|
Affiliation: | School of Computer Science and Engineering, Pusan National University, Busan 609-735, Republic of Korea (all four authors) |
Format: | Article |
Language: | English |
Published: | MDPI AG, 2023-11-01 |
Series: | Sensors, vol. 23, no. 23, article 9417 |
ISSN: | 1424-8220 |
DOI: | 10.3390/s23239417 |
Subjects: | malware detection; anti-debugging; bypassing anti-debugging |
Online Access: | https://www.mdpi.com/1424-8220/23/23/9417 |
DOAJ record: | doaj.art-8c9fa3655bfc4abbbd86902966a99ff2 |