Hypervisor-assisted dynamic malware analysis
Authors
Abstract
Abstract Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern uses an abundance techniques to evade both dynamic tools. Current solutions either make modifications the running or use higher privilege component that does actual analysis. The former can be easily detected by sophisticated while latter often induces significant performance overhead. We propose method performs within context OS itself. Furthermore, camouflaged hypervisor, which makes it completely transparent its applications. evaluation system’s efficiency suggests induced overhead negligible.
Similar resources
Hypervisor-based malware protection with AccessMiner
In this paper we discuss the design and implementation of AccessMiner, a system-centric behavioral malware detector. Our system is designed to model the general interactions between benign programs and the underlying operating system (OS). In this way, AccessMiner is able to capture which, and how, OS resources are used by normal applications and detect anomalous behavior in real-time. The adva...
Hardware assisted hypervisor introspection
In this paper, we introduce hypervisor introspection, an out-of-box way to monitor the execution of hypervisors. Similar to virtual machine introspection which has been proposed to protect virtual machines in an out-of-box way over the past decade, hypervisor introspection can be used to protect hypervisors which are the basis of cloud security. Virtual machine introspection tools are usually d...
Large-Scale Dynamic Malware Analysis
Malicious software (or malware) is one of the most pressing and major security threats facing the Internet today. Anti-virus companies typically have to deal with tens of thousands of new malware samples every day. To cope with these large quantities, researchers and practitioners alike have developed automated, dynamic malware analysis systems. These systems automatically execute a program in ...
Malware Message Classification by Dynamic Analysis
The fact that new malware appear every day demands a strong response from anti-malware forces. For that sake, an analysis of new samples must be performed. Usually, one tries to replay the behavior of malware in a safe environment. However, some samples activate a malicious function only if they receive some particular inputs from its command and control server. The problem is then to get some ...
Targeted Dynamic Analysis for Android Malware
Targeted Dynamic Analysis for Android Malware Michelle Wong Master of Applied Science Graduate Department of Electrical and Computer Engineering University of Toronto 2015 The identification and analysis of Android malware involves either static or dynamic program analysis of the malware binary. While static analysis has good code coverage, it is not as precise due to the lack of run-time infor...
Journal
Journal title: Cybersecurity
Year: 2021
ISSN: 2523-3246
DOI: https://doi.org/10.1186/s42400-021-00083-9