TY - GEN
T1 - Malware behavioral analysis system
T2 - Symposium Series on Computational Intelligence, IEEE SSCI 2011 - 2011 IEEE Symposium on Intelligent Agents, IA 2011
AU - Huang, Hsien De
AU - Lee, Chang Shing
AU - Kao, Hung-Yu
AU - Tsai, Yi Lang
AU - Chang, Jee Gong
PY - 2011/8/15
Y1 - 2011/8/15
N2 - Malware is an important topic of security threat research. In this paper, a behavioral malware analysis system TWMAN was presented. This study focuses on using real operation system (OS) environment to analysis malware behavioral. Many researchers try to use virtual machine (VM) system to monitor the malware behaviors. These malware samples will only compromise the virtual operating system or virtual machine, which cannot reflect in the real operating system or real environment. Therefore, some malware researchers don't want their systems to be analyzed in VM environment, because the analyzer cannot much useful information in VM environment. There are many Anti-VM techniques which are used to ward off the collection, analysis, and reverse engineering features of the VM based malware analysis platform. There are differences between these two behaviors: malware behavior in real environment and in virtual environment. Therefore, malware researcher would get inaccurate analysis results from VM based malware analysis platform. In order to retrieve correct malware behavioral information, we need flexible, adaptable, and quickly analysis environment, which could discovery malware behavioral in real operation system environment, and which can quickly restore clear operation system to analysis another malware sample. For this reason, this study developed Taiwan Malware Analysis Net(TWMAN), a real operation system environment for malware behavioral analysis and analysis report. We believe this system would be helpful to improve the correctness of malware analysis result and reduce the loss rate of malware analysis.
AB - Malware is an important topic of security threat research. In this paper, a behavioral malware analysis system TWMAN was presented. This study focuses on using real operation system (OS) environment to analysis malware behavioral. Many researchers try to use virtual machine (VM) system to monitor the malware behaviors. These malware samples will only compromise the virtual operating system or virtual machine, which cannot reflect in the real operating system or real environment. Therefore, some malware researchers don't want their systems to be analyzed in VM environment, because the analyzer cannot much useful information in VM environment. There are many Anti-VM techniques which are used to ward off the collection, analysis, and reverse engineering features of the VM based malware analysis platform. There are differences between these two behaviors: malware behavior in real environment and in virtual environment. Therefore, malware researcher would get inaccurate analysis results from VM based malware analysis platform. In order to retrieve correct malware behavioral information, we need flexible, adaptable, and quickly analysis environment, which could discovery malware behavioral in real operation system environment, and which can quickly restore clear operation system to analysis another malware sample. For this reason, this study developed Taiwan Malware Analysis Net(TWMAN), a real operation system environment for malware behavioral analysis and analysis report. We believe this system would be helpful to improve the correctness of malware analysis result and reduce the loss rate of malware analysis.
UR - http://www.scopus.com/inward/record.url?scp=80051519793&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80051519793&partnerID=8YFLogxK
U2 - 10.1109/IA.2011.5953604
DO - 10.1109/IA.2011.5953604
M3 - Conference contribution
AN - SCOPUS:80051519793
SN - 9781612840604
T3 - IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011: 2011 IEEE Symposium on Intelligent Agents
SP - 1
EP - 8
BT - IEEE SSCI 2011 - Symposium Series on Computational Intelligence - IA 2011
Y2 - 11 April 2011 through 15 April 2011
ER -