Hypervisor-assisted dynamic malware analysis

Cited by: 0
Authors
Roee S. Leon
Michael Kiperberg
Anat Anatey Leon Zabag
Nezer Jacob Zaidenberg
Institutions
[1] Shenkar College
[2] Department of Software Engineering
[3] Shamoon College of Engineering
[4] College of Management Academic Studies
[5] University of Jyväskylä
Source
Cybersecurity, Volume 4
Keywords
DOI: not available
CLC number
Subject classification number
Abstract
Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.