Malware behavioral analysis system: TWMAN

Hsien De Huang, Chang Shing Lee, Hung-Yu Kao, Yi Lang Tsai, Jee Gong Chang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

19 Citations (Scopus)

Abstract

Malware is an important topic of security threat research. In this paper, a behavioral malware analysis system TWMAN was presented. This study focuses on using real operation system (OS) environment to analysis malware behavioral. Many researchers try to use virtual machine (VM) system to monitor the malware behaviors. These malware samples will only compromise the virtual operating system or virtual machine, which cannot reflect in the real operating system or real environment. Therefore, some malware researchers don't want their systems to be analyzed in VM environment, because the analyzer cannot much useful information in VM environment. There are many Anti-VM techniques which are used to ward off the collection, analysis, and reverse engineering features of the VM based malware analysis platform. There are differences between these two behaviors: malware behavior in real environment and in virtual environment. Therefore, malware researcher would get inaccurate analysis results from VM based malware analysis platform. In order to retrieve correct malware behavioral information, we need flexible, adaptable, and quickly analysis environment, which could discovery malware behavioral in real operation system environment, and which can quickly restore clear operation system to analysis another malware sample. For this reason, this study developed Taiwan Malware Analysis Net(TWMAN), a real operation system environment for malware behavioral analysis and analysis report. We believe this system would be helpful to improve the correctness of malware analysis result and reduce the loss rate of malware analysis.

Original languageEnglish
Title of host publicationIEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011
Subtitle of host publication2011 IEEE Symposium on Intelligent Agents
Pages1-8
Number of pages8
DOIs
Publication statusPublished - 2011 Aug 15
EventSymposium Series on Computational Intelligence, IEEE SSCI 2011 - 2011 IEEE Symposium on Intelligent Agents, IA 2011 - Paris, France
Duration: 2011 Apr 112011 Apr 15

Publication series

NameIEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011: 2011 IEEE Symposium on Intelligent Agents

Other

OtherSymposium Series on Computational Intelligence, IEEE SSCI 2011 - 2011 IEEE Symposium on Intelligent Agents, IA 2011
CountryFrance
CityParis
Period11-04-1111-04-15

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computational Theory and Mathematics

Fingerprint Dive into the research topics of 'Malware behavioral analysis system: TWMAN'. Together they form a unique fingerprint.

Cite this