Malware virtualization-resistant behavior detection

Ming Kung Sun, Mao Jie Lin, Michael Chang, Chi Sung Laih, Hui Tang Lin

Research output: Conference contribution

19 Citations (Scopus)

Abstract

Many researchers monitor malicious software (malware) behavior inside virtual machines (VMs) to protect the underlying operating system. In a virtual machine, the malware monitor process runs at the same layer as the real system, so the monitor can collect detailed behavior information without being discovered. However, malware authors employ anti-VM techniques to ward off collection, analysis and reverse engineering of their malicious programs, so malware researchers may obtain inaccurate analysis results from VM-aware programs. This paper presents a solution for detecting anti-VM techniques. We collect behavioral information from malware and use an enhanced behavior distance algorithm to calculate the difference between its behavior in real and virtual environments, and use that difference to determine whether the malware has anti-VM capability. Our experiments show that this algorithm works well. This idea can improve malware analysis results and reduce malware misdetection.

Original language: English
Title of host publication: Proceedings - 2011 17th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2011
Pages: 912-917
Number of pages: 6
DOIs
Publication status: Published - 2011
Event: 2011 17th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2011 - Tainan, Taiwan
Duration: 2011 Dec 7 - 2011 Dec 9

Publication series

Name: Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS
ISSN (Print): 1521-9097

Other

Other: 2011 17th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2011
Country/Territory: Taiwan
City: Tainan
Period: 11-12-07 - 11-12-09

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture
