An algorithm for scheduling of threads for system and application code split approach in dynamic malware analysis

Cited by: 0
Authors
Anastasia Pereberina
Alexey Kostyushko
Alexander Tormasov
Affiliations
[1] MIPT
[2] Innopolis University
Source
Journal of Computer Virology and Hacking Techniques | 2023 / Volume 19
Keywords
Cybersecurity; Malware; Dynamic malware analysis; Hooks; CPU scheduling;
DOI
Not available
Abstract
This paper discusses the development of tools for dynamic malware analysis. The main idea is to provide total control over a suspicious sample execution on the test computer. The approach we propose is to separate the application code from the system code by using memory page access control. Thus, we are able to detect all system API calls and non-standard ways to transfer the control flow. Our tools (codename ToolChain) intentionally consist of a Control module, a Scheduling module, and a Cloaking module. In our previous paper, we focused mainly on the Control module. In this paper, we introduce the Scheduling module. In case of multithreaded applications, we split threads into two pools, executing different code classes. We describe the hierarchical multiprocessor fair scheduling algorithm built upon Windows Round Robin with Priorities. In addition, we consider related cloaking techniques to hide performance degradation and the presence of the Scheduling module.
Pages: 459-468
Number of pages: 9