An algorithm for scheduling of threads for system and application code split approach in dynamic malware analysis

Cited by: 0
Authors
Anastasia Pereberina
Alexey Kostyushko
Alexander Tormasov
Affiliations
[1] MIPT
[2] Innopolis University
Source
Journal of Computer Virology and Hacking Techniques | 2023 / Vol. 19
Keywords
Cybersecurity; Malware; Dynamic malware analysis; Hooks; CPU scheduling;
DOI
Not available
Abstract
This paper discusses the development of tools for dynamic malware analysis. The main idea is to provide total control over a suspicious sample execution on the test computer. The approach we propose is to separate the application code from the system code by using memory page access control. Thus, we are able to detect all system API calls and non-standard ways to transfer the control flow. Our tools (codename ToolChain) intentionally consist of a Control module, a Scheduling module, and a Cloaking module. In our previous paper, we focused mainly on the Control module. In this paper, we introduce the Scheduling module. In case of multithreaded applications, we split threads into two pools, executing different code classes. We describe the hierarchical multiprocessor fair scheduling algorithm built upon Windows Round Robin with Priorities. In addition, we consider related cloaking techniques to hide performance degradation and the presence of the Scheduling module.
Pages: 459 / 468
Page count: 9
Related papers
50 in total
  • [1] An algorithm for scheduling of threads for system and application code split approach in dynamic malware analysis
    Pereberina, Anastasia
    Kostyushko, Alexey
    Tormasov, Alexander
    JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2023, 19 (03) : 459 - 468
  • [2] An approach to dynamic malware analysis based on system and application code split
    Anastasia Pereberina
    Alexey Kostyushko
    Alexander Tormasov
    Journal of Computer Virology and Hacking Techniques, 2022, 18 : 231 - 241
  • [3] An approach to dynamic malware analysis based on system and application code split
    Pereberina, Anastasia
    Kostyushko, Alexey
    Tormasov, Alexander
    JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2022, 18 (03) : 231 - 241
  • [4] Genetic algorithm with symmetric code and its application to dynamic system
    Meng, Qingchun
    Zhou, Changjiu
    Ji, Hongbo
    Huang, Loulin
    Leong, Kinseng
    Tien Tzu Hsueh Pao/Acta Electronica Sinica, 1999, 27 (02): : 59 - 63
  • [5] A New Malware Classification Approach Based on Malware Dynamic Analysis
    Fang, Ying
    Yu, Bo
    Tang, Yong
    Liu, Liu
    Lu, Zexin
    Wang, Yi
    Yang, Qiang
    INFORMATION SECURITY AND PRIVACY, ACISP 2017, PT II, 2017, 10343 : 173 - 189
  • [6] Binary code analysis for malware with expansive static analysis and dynamic emulation
    Izumida, Tomonori
    Mori, Akira
    Futatsugi, Kokichi
    Computer Software, 2012, 29 (04) : 199 - 218
  • [7] Application of PrefixSpan* Algorithm in Malware Detection Expert System
    Wang, Lina
    Tan, Xiaobin
    Pan, Jianfeng
    Xi, Hongsheng
    PROCEEDINGS OF THE FIRST INTERNATIONAL WORKSHOP ON EDUCATION TECHNOLOGY AND COMPUTER SCIENCE, VOL III, 2009, : 448 - 452
  • [8] Dynamic Malware Analysis Using Machine Learning Algorithm
    Udayakumar, N.
    Anandaselvi, S.
    Subbulakshmi, T.
    PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON INTELLIGENT SUSTAINABLE SYSTEMS (ICISS 2017), 2017, : 795 - 800
  • [9] A genetic algorithm approach to system scheduling
    Todd, DS
    Scott, JA
    Sen, P
    LARGE SCALE SYSTEMS: THEORY AND APPLICATIONS 1998 (LSS'98), VOL 1, 1999, : 277 - 282
  • [10] Detecting Malware Activities With MalpMiner: A Dynamic Analysis Approach
    Abdelwahed, Mustafa F.
    Kamal, Mustafa M.
    Sayed, Samir G.
    IEEE ACCESS, 2023, 11 : 84772 - 84784