Malware behavioral analysis system: TWMAN

Hsien De Huang, Chang Shing Lee, Hung-Yu Kao, Yi Lang Tsai, Jee Gong Chang

Research output: Conference contribution

21 Citations (Scopus)

Abstract

Malware is an important topic of security threat research. This paper presents TWMAN, a behavioral malware analysis system. The study focuses on using a real operating system (OS) environment to analyze malware behavior. Many researchers try to use virtual machine (VM) systems to monitor malware behavior. In that setting, the malware samples compromise only the virtual operating system or virtual machine, which does not reflect what happens in a real operating system or real environment. Therefore, some malware researchers do not want their systems to be analyzed in a VM environment, because the analyzer cannot obtain much useful information in a VM environment. Many anti-VM techniques are used to ward off the collection, analysis, and reverse engineering features of VM-based malware analysis platforms. Malware behavior in a real environment differs from malware behavior in a virtual environment. Malware researchers would therefore get inaccurate analysis results from a VM-based malware analysis platform. To retrieve correct malware behavioral information, we need a flexible, adaptable, and quick analysis environment that can discover malware behavior in a real operating system environment and can quickly restore a clean operating system to analyze another malware sample. For this reason, this study developed Taiwan Malware Analysis Net (TWMAN), a real operating system environment for malware behavioral analysis and analysis reporting. We believe this system will help improve the correctness of malware analysis results and reduce the loss rate of malware analysis.

Original language: English
Title of host publication: IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011
Subtitle of host publication: 2011 IEEE Symposium on Intelligent Agents
Pages: 1-8
Number of pages: 8
Publication status: Published - 2011 Aug 15
Event: Symposium Series on Computational Intelligence, IEEE SSCI 2011 - 2011 IEEE Symposium on Intelligent Agents, IA 2011 - Paris, France
Duration: 2011 Apr 11 to 2011 Apr 15

Publication series

Name: IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011: 2011 IEEE Symposium on Intelligent Agents

Other

Other: Symposium Series on Computational Intelligence, IEEE SSCI 2011 - 2011 IEEE Symposium on Intelligent Agents, IA 2011
Country/Territory: France
City: Paris
Period: 11-04-11 to 11-04-15

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computational Theory and Mathematics
