Malware behavioral analysis system: TWMAN

Hsien De Huang, Chang Shing Lee, Hung-Yu Kao, Yi Lang Tsai, Jee Gong Chang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

19 Citations (Scopus)

Abstract

Malware is an important topic of security threat research. In this paper, a behavioral malware analysis system, TWMAN, is presented. This study focuses on using a real operating system (OS) environment to analyze malware behavior. Many researchers try to use virtual machine (VM) systems to monitor malware behavior. These malware samples will only compromise the virtual operating system or virtual machine, which cannot reflect what happens in a real operating system or real environment. Therefore, some malware researchers don't want their systems to be analyzed in a VM environment, because the analyzer cannot obtain much useful information in a VM environment. There are many anti-VM techniques that are used to ward off the collection, analysis, and reverse engineering features of VM-based malware analysis platforms. Malware behavior in a real environment differs from malware behavior in a virtual environment. Therefore, malware researchers would get inaccurate analysis results from a VM-based malware analysis platform. In order to retrieve correct malware behavioral information, we need a flexible, adaptable, and quick analysis environment that can discover malware behavior in a real operating system environment and can quickly restore a clean operating system to analyze another malware sample. For this reason, this study developed Taiwan Malware Analysis Net (TWMAN), a real operating system environment for malware behavioral analysis and analysis reports. We believe this system will help improve the correctness of malware analysis results and reduce the loss rate of malware analysis.

Original language: English
Title of host publication: IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011
Subtitle of host publication: 2011 IEEE Symposium on Intelligent Agents
Pages: 1-8
Number of pages: 8
DOIs: https://doi.org/10.1109/IA.2011.5953604
Publication status: Published - 2011 Aug 15
Event: Symposium Series on Computational Intelligence, IEEE SSCI 2011 - 2011 IEEE Symposium on Intelligent Agents, IA 2011 - Paris, France
Duration: 2011 Apr 11 → 2011 Apr 15

Publication series

Name: IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011: 2011 IEEE Symposium on Intelligent Agents

Other

Other: Symposium Series on Computational Intelligence, IEEE SSCI 2011 - 2011 IEEE Symposium on Intelligent Agents, IA 2011
Country: France
City: Paris
Period: 11-04-11 → 11-04-15

Fingerprint

Computer systems
Malware
Computer operating systems
Computer monitors
Reverse engineering
Virtual machine
Virtual reality

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computational Theory and Mathematics

Cite this

Huang, H. D., Lee, C. S., Kao, H-Y., Tsai, Y. L., & Chang, J. G. (2011). Malware behavioral analysis system: TWMAN. In IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011: 2011 IEEE Symposium on Intelligent Agents (pp. 1-8). [5953604] (IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011: 2011 IEEE Symposium on Intelligent Agents). https://doi.org/10.1109/IA.2011.5953604
@inproceedings{66505c23179540078a2058534589215d,
title = "Malware behavioral analysis system: TWMAN",
author = "Huang, {Hsien De} and Lee, {Chang Shing} and Hung-Yu Kao and Tsai, {Yi Lang} and Chang, {Jee Gong}",
year = "2011",
month = "8",
day = "15",
doi = "10.1109/IA.2011.5953604",
language = "English",
isbn = "9781612840604",
series = "IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011: 2011 IEEE Symposium on Intelligent Agents",
pages = "1--8",
booktitle = "IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011",

}

TY - GEN

T1 - Malware behavioral analysis system

T2 - TWMAN

AU - Huang, Hsien De

AU - Lee, Chang Shing

AU - Kao, Hung-Yu

AU - Tsai, Yi Lang

AU - Chang, Jee Gong

PY - 2011/8/15

Y1 - 2011/8/15

UR - http://www.scopus.com/inward/record.url?scp=80051519793&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80051519793&partnerID=8YFLogxK

U2 - 10.1109/IA.2011.5953604

DO - 10.1109/IA.2011.5953604

M3 - Conference contribution

AN - SCOPUS:80051519793

SN - 9781612840604

T3 - IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011: 2011 IEEE Symposium on Intelligent Agents

SP - 1

EP - 8

BT - IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011

ER -