Countering kernel malware in virtual execution environments
Author

Abstract
For my family

ACKNOWLEDGEMENTS

First of all, I wish to express my sincere thanks to my advisor, Dr. John Copeland, for his insightful guidance, endless patience and support. Without his help, this research could not have been completed. I am indebted to him. Dr. Alessandro (Alex) Orso and Dr. Raheem Beyah, for their valuable time, professional suggestions and gracious service on my committee. Myounghwan Lee, for their valuable time and friendship. My most special thanks go to my parents, Jiarang Xuan and Xiuying Zhu, and my wife, Hu Tu, for their everlasting encouragement, support and love.
Similar references
Toward Revealing Kernel Malware Behavior in Virtual Execution Environments
Using a sandbox for malware analysis has proven effective in helping people quickly understand the behavior of unknown malware. This technique is also complementary to other malware analysis techniques such as static code analysis and debugger-based code analysis. This paper presents Rkprofiler, a sandbox-based malware tracking system that dynamically monitors and analyzes the behavior of Windo...
Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification
Motivated by the goal of hardening operating system kernels against rootkits and related malware, we survey the common interfaces and methods which can be used to modify (either legitimately or maliciously) the kernel which is run on a commodity desktop computer. We also survey how these interfaces can be restricted or disabled. While we concentrate mainly on Linux, many of the methods for modi...
A fistful of red-pills: How to automatically generate procedures to detect CPU emulators
Malware includes several protections to complicate their analysis: the longer it takes to analyze a new malware sample, the longer the sample survives and the larger number of systems it compromises. Nowadays, new malware samples are analyzed dynamically using virtual environments (e.g., emulators, virtual machines, or debuggers). Therefore, malware incorporate a variety of tests to detect whet...
Countering Persistent Kernel Rootkits through Systematic Hook Discovery
Kernel rootkits, as one of the most elusive types of malware, pose significant challenges for investigation and defense. Among the most notable are persistent kernel rootkits, a special type of kernel rootkits that implant persistent kernel hooks to tamper with the kernel execution to hide their presence. To defend against them, an effective approach is to first identify those kernel hooks and ...
PPSAM: Proactive PowerShell Anti-Malware Customizable Comprehensive Tool to Supplement Commercial AVs
This research first explores the different types of Anti-Malware solution approaches, evaluating the pros and cons, and concentrating on their potential weaknesses and drawbacks. The malware technologies analyzed include Windows Direct Kernel Object Manipulation (DKOM), Kernel Patch Protection, Data Execution Prevention, Address Space Layout Randomization, Driver Signing, Windows Service Harden...