چارچوب ارزش‌گذاری اقدامات بدافزارها و مقابله‌کنندگان با رویکرد تحلیل مبتنی بر نظریه‌بازی مطالعه موردی: اقدامات بازیگران بر اساس شواهد محیطی

[1]  S. Parsa and A. Gooran Oorimi, “An Optimal and Transparent Framework for Automatic Analysis of Malware,” ADST J., vol. 7, pp. 71–80, 2016. (In Persian)

[2]  S. Parsa, H. Saifi, and M. H. Alaeian, “Providing a New Approach to Discovering Malware Behavioral Patterns Based on the Dependency Graph Between System Calls,” J. Electron. CYBER Def., vol. 4, no. 3 (15), pp. 47–59, 2016. (In Persian)

[3]  M. Abbasi, M.S Mohammadi, and M Ghayoori, “Modeling and analysis of competition between malware authors and security analysis, using game theory” , SPP, vol. 7, no. 23, 2017. (In Persian)

[4]  M. Sheikhmohammady, K. W. Hipel, H. Asilahijani, and D. Marc Kilgour, “Strategic analysis of the conflict over Iran’s nuclear program,” in Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics, 2009, pp. 1911–1916, doi: 10.1109/ICSMC.2009.5346148.

[5]  M. Abbasi and M. Sheikhmohamadi, “An approach based on game theory in modeling and analysis of inheritance of the deceased couple,” J. Res. Econ. Model, vol. 10, pp. 23-48 2016. (In Persian)

[6]  T. Sandholm, “Abstraction for solving large incomplete-information games,” in Proceedings of the National Conference on Artificial Intelligence, vol. 6, pp. 4127–4131, 2015.

[7]  Kroer and T. Sandholm, “Extensive-form game abstraction with bounds,” in Proceedings of the fifteenth ACM conference on Economics and computation, pp. 621–638, 2014.

[8]  Kroer and T. Sandholm, “Extensive-form game imperfect-recall abstractions with bounds,” arXiv Prepr. http//arxiv. org/abs/1409.3302, 2014.

[9]  F. K. Frantz, “A taxonomy of model abstraction techniques,” in Proceedings of the 27th conference on Winter simulation, pp. 1413–1420, 1995.

[10] P. Beaucamps, I. Gnaedig, and J. Y. Marion, “Behavior abstraction in malware analysis,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6418 LNCS, pp. 168–182, 2010.

[11] T. Colburn and G. Shute, “Abstraction in computer science,” Minds Mach., vol. 17, no. 2, pp. 169–184, 2007.

[12] N. Basilico and N. Gatti, “Automated abstractions for patrolling security games,” in Proceedings of the National Conference on Artificial Intelligence, vol. 2, pp. 1096–1101, 2011.

[13] Afianian, S. Niksefat, B. Sadeghiyan, and D. Baptiste, “Malware Dynamic Analysis Evasion Techniques: A Survey,” CoRR, vol. abs/1811.0, 2018.

[14] P. Mell, K. Scarfone, and S. Romanosky, “Common vulnerability scoring system,” IEEE Secur. Priv., vol. 4, no. 6, pp. 85–89, 2006.

[15] Common Vulnerability Scoring System SIG.” https://www.first.org/cvss/ (accessed Nov. 03, 2020).

[16] T. Shields, “Anti-debugging–a developers view,” Veracode Inc., USA, 2010.

[17] S. Gao and Q. Lin, “Debugging classification and anti-debugging strategies,” in Fourth International Conference on Machine Vision (ICMV 2011): Computer Vision and Image Analysis; Pattern Recognition and Basic Technologies, vol. 8350, p. 83503C, 2012.

[18] R. Rubira Branco, G. Negreira Barbosa, P. Drimel Neto, R. R. Branco, G. N. Barbosa, and P. D. Neto, “Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti- VM Technologies,” Black Hat, 2012.

[19] Bulazel and B. Yener, “A survey on automated dynamic malware analysis evasion and counter-evasion: PC, Mobile, and Web,” ACM Int. Conf. Proceeding Ser., pp. 1–21, 2017.

[20] M. Botacin et al., “Analysis, Anti-Analysis, Anti-Anti-Analysis: An Overview of the Evasive Malware Scenario,” no. Ic, pp. 1–38, 2017.

[21] Goldberg, D. Wagner, R. Thomas, and E. A. Brewer, “A secure environment for untrusted helper applications: Confining the wily hacker,” in Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography, 1996, vol. 6, p. 1.

[22] X. Chen et al., “Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware,” in 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN), 2008, pp. 177–186.

[23] M. Mehra and D. Pandey, “Event triggered malware: A new challenge to sandboxing,” in 12th IEEE International Conference Electronics, Energy, Environment, Communication, Computer, Control: (E3-C3), INDICON 2015, 2016.

[24] S. Reeves, “Detecting Malware and Sandbox Evasion Techniques,” Inf. Secur., p. 9, 2016.

[25] N. Miramirkhani, M. P. Appini, N. Nikiforakis, and M. Polychronakis, “Spotless Sandboxes: Evading Malware Analysis Systems Using Wear-and-Tear Artifacts,” in Proceedings - IEEE Symposium on Security and Privacy, 2017, pp. 1009–1024.

[26] “Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study | McAfee Blogs.” [Online]. Available: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/evolution-of-malware-sandbox-evasion-tactics-a-retrospective-study/. [Accessed: 29-Oct-2019].

[27] R. Sihwail, K. Omar, and K. A. Z. Ariffin, “A survey on malware analysis techniques: Static, dynamic, hybrid and memory analysis,” Int. J. Adv. Sci. Eng. Inf. Technol., vol. 8, no. 4–2, pp. 1662–1671, 2018.

[28] M. J. Osborne, An introduction to game theory, vol. 3. Oxford University Press New York, 2004.

[29] D. S. Lutz and N. Howard, “Paradoxes of Rationality: Theory of Metagames and Political Behavior,” Technometrics, vol. 15, no. 3, p. 652, 1973, doi: 10.2307/1266876.

[30] N. Howard, “The present and future of metagame analysis,” Eur. J. Oper. Res., vol. 32, no. 1, pp. 1–25, 1987, doi: 10.1016/0377-2217(87)90267-0.

[31] N. M. Fraser and K. W. L. B. Hipel, Conflict analysis: models and resolutions, vol. 11. North-Holland, 1984.

[32] M. A. Takahashi, N. M. Fraser, and K. W. Hipel, “A procedure for analyzing hypergames,” Eur. J. Oper. Res., vol. 18, no. 1, pp. 111–122, 1984, doi: 10.1016/0377-2217(84)90268-6.

[33] N. Howard, “Drama theory and its relation to game theory. Part 1: dramatic resolution vs. rational solution,” Gr. Decis. Negot., vol. 3, no. 2, pp. 187–206, 1994.

[34] S. J. Brams and W. Mattli, “Theory of moves: Overview and examples,” Confl. Manag. Peace Sci., vol. 12, no. 2, pp. 1–39, 1993, doi: 10.1177/073889429301200201.

[35] Gilpin and T. Sandholm, “Lossless abstraction of imperfect information games,” J. ACM, vol. 54, no. 5, p. 25, 2007.

[36] Gilpin, T. Sandholm, and T. B. Sørensen, “Potential-aware automated abstraction of sequential games, and holistic equilibrium analysis of Texas Hold’em poker,” in Proceedings of the National Conference on Artificial Intelligence, 2007, vol. 1, pp. 50–57.

[37] Waugh, D. Schnizlein, M. Bowling, and D. Szafron, “Abstraction pathologies in extensive games,” in Proceedings of the International Joint Conference on Autonomous Agents and Multiagent Systems, AAMAS, 2009, vol. 2, pp. 870–877.

[38] T. Sandholm and S. Singh, “Lossy stochastic game abstraction with bounds,” in Proceedings of the 13th ACM Conference on Electronic Commerce, 2012, pp. 880–897, doi: 10.1145/2229012.2229079.

[39]  S. Balochian, and A. Izadipour, “Importance of Game Theory in Modelling and Solution of Network Centric Weapon Target Assignment with consideration to Target Intelligence”. C4I In Anais do SBSeg'17, XVII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pp. 250-263, 2019.

[40] Kroer and T. Sandholm, “Extensive-form game abstraction with bounds,” in Proceedings of the fifteenth ACM conference on Economics and computation, pp. 621–638, 2014.

[41] C. Kroer and T. Sandholm, “Extensive-form game imperfect-recall abstractions with bounds,” arXiv Prepr. http//arxiv. org/abs/1409.3302, 2014.

[42] K. Frantz, “A taxonomy of model abstraction techniques,” in Proceedings of the 27th conference on Winter simulation, pp. 1413–1420, 1995.

[43] S. Parsa and S. H. R. Aarabi, “A New Approach to Network Intrusion Detection Based on Hybrid Methods,” J. Electron. CYBER Def., vol. 5, no. 3 (19), pp. 79–93, 2017. (In Persian)

[44] The Cylance Threat Research Team, “threat-spotlight-satan-raas,” 2017. [Online]. Available: https://threatvector.cylance.com/en_us/home/threat-spotlight-satan-raas.html.

[45] P. Ferrie, “The ultimate anti-debugging reference,”, [Online]. Available: internal-pdf://251.172.174.167/The_Ultimate_Anti-Reversing_Reference.pdf, 2011.

[46] Kulchytskyi Oleg, “Anti-Debug Protection Techniques: Implementation and Neutralization,” www.codeproject.com, https://www.codeproject.com/Articles/1090943/Anti-Debug-Protection-Techniques-Implementation-an, 2016.

[47] T. Shields, “Anti-debugging–a developers view,” Veracode Inc., USA, 2010

[48] M. Sikorski, A. Honig, A. Mylonas, and D. Gritzalis, Practical malware analysis: the hands-on guide to dissecting malicious software, vol. 31, no. 6. no starch press, 2012.

[49] “Inkasso trojaner - part 3,” Curesec Security Research, 2013. https://curesec.com/blog/article/blog/Inkasso-Trojaner--Part-3-24.html.

[50] H. Shi and J. Mirkovic, “Hiding debuggers from malware with apate,” in Proceedings of the ACM Symposium on Applied Computing, vol. Part F1280, pp. 1703–1710, doi: 10.1145/3019612.3019791, 2017.

[51] Microsoft, “Acquiring high-resolution time stamps,” https://docs.microsoft.com/en-us/windows/win32/sysinfo/acquiring-high-resolution-time-stamps, 2018. (accessed Jan. 01, 2019)

[52] M. V. Yason and Ncent, “The Art of Unpacking,” Black Hat 2007,https://wikileaks.org/hbgary-emails//fileid/21224/6926, 2007.

[53] P. Ferrie, “Anti-unpacker tricks - part one,” Virus Bull. December, vol. 4, p. 4, doi: 10.1016/j.critrevonc.2016.03.005, 2008.

[54] T. Raffetseder, C. Kruegel, and E. Kirda, “Detecting system emulators,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4779 LNCS, pp. 1–18, doi: 10.1007/978-3-540-75496-1_1, 2007.

[55] Blackthorne, A. Bulazel, A. Fasano, P. Biernat, and B. Yener, “AVLeak: fingerprinting antivirus emulators through black-box testing,” in 10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16), 2016.

[56] Pék, B. Bencsáth, L. Buttyán, G. Pek, B. Bencsath, and L. Buttyan, “nEther: In-guest Detection of Out-of-the-guest Malware Analyzers,” in Proceedings of the Fourth European Workshop on System Security, pp. 1-6 , 2011.

[57] C. Spensky, H. Hu, and K. Leach, “LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis,” in NDSS, 2017.

[58] T. Garfinkel, K. Adams, A. Warfield, and J. Franklin, “Compatibility is Not Transparency: VMM Detection Myths and Realities,” 2007.

[59] J. A. P. Marpaung, M. Sain, and H.-J. Lee, “Survey on malware evasion techniques: State of the art and challenges,” in 2012 14th International Conference on Advanced Communication Technology (ICACT), pp. 744–749, 2012.

[60] McAfee, “McAfee Labs Threats Report,” https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-jun-2017.pdf, 2017. (accessed Jan. 01, 2019).

[61] A. Kapravelos, M. Cova, C. Kruegel, and G. Vigna, “Escape from monkey island: Evading high-interaction honeyclients,” in International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 124–143, 2011.

[62] T. Morrow and J. Pitts, “Genetic Malware: Designing Payloads for Specific Targets,” Infiltrate, [Online]. Available: https://infiltratecon.com/archives/Genetic_Malware_Travis_Morrow_Josh_Pitts.pdf, 2016.

[63] D. Kirat, J. Jang, and M. P. Stoecklin, “DeepLocker Concealing Targeted Attacks with AI Locksmithing,” 2018.

B. Bencsáth, G. Pék, L. Buttyán, and M. Felegyhazi, “The cousins of stuxnet: Duqu, flame, and gauss,” Futur. Internet, vol. 4, no. 4, pp. 971–1003, 2012.