Hypervisor-assisted dynamic malware analysis-Reference-Cited by-同舟云学术

Hypervisor-assisted dynamic malware analysis

Published:2021-06-02 Issue:1 Volume:4 Page:
ISSN:2523-3246
Container-title:Cybersecurity
language:en
Short-container-title:Cybersecur

Author:

Leon Roee S.,Kiperberg Michael,Leon Zabag Anat Anatey,Zaidenberg Nezer Jacob^ORCID

Abstract

AbstractMalware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

Publisher

Springer Science and Business Media LLC

Subject

Artificial Intelligence,Computer Networks and Communications,Information Systems,Software

Link

https://link.springer.com/content/pdf/10.1186/s42400-021-00083-9.pdf

Reference66 articles.

1. Afianian, A, et al. (2019) Malware dynamic analysis evasion techniques: A survey. ACM Comput Surv (CSUR) 52(6):1–28.

2. Algawi, A, Kiperberg M, Leon R, Resh A, Zaidenberg N (2019) Creating Modern Blue Pills and Red Pills In: ECCWS 2019 18th European Conference on Cyber Warfare and Security, 6.. Academic Conferences and publishing limited, UK. https://jyx.jyu.fi/bitstream/handle/123456789/67098/1/CreatingModernBluePillsandRedPills.pdf.

3. AMD (2010) AMD64 Architecture Programmer’s Manual Volume 2: System Programming. https://www.amd.com/system/files/TechDocs/24593.pdf.

4. ARM Ltd. (2013) ARM Architecture Reference Manual, ARMv8, for ARMv8-A architecture profile. https://developer.arm.com/documentation/ddi0487/latest.

5. Barham, P, Dragovic B, Fraser K, Hand S, Harris T, Ho A, Neugebauer R, Pratt I, Warfield A (2003) XEN and the art of virtualization In: Proceedings of the 19th ACM Symposium on Operating System Principles.. SOSSP, Bolton Landing.

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Network Fuzzing: State of the art;2023 24th International Conference on Control Systems and Computer Science (CSCS);2023-05

2. DeepHyperv: A deep neural network based virtual memory analysis for malware detection at hypervisor-layer;2023 International Conference on Advances in Intelligent Computing and Applications (AICAPS);2023-02-01

3. HyperDbg: Reinventing Hardware-Assisted Debugging;Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security;2022-11-07

4. A Research on Countering Virtual Machine Evasion Techniques of Malware in Dynamic Analysis;Intelligent Computing & Optimization;2022-10-21

5. Machine Learning-based Ransomware Detection Using Low-level Memory Access Patterns Obtained From Live-forensic Hypervisor;2022 IEEE International Conference on Cyber Security and Resilience (CSR);2022-07-27