Hypervisor-assisted dynamic malware analysis
Open Access
- 2 June 2021
- journal article
- research article
- Published by Springer Science and Business Media LLC in Cybersecurity
- Vol. 4 (1), 1-14
- https://doi.org/10.1186/s42400-021-00083-9
Abstract
Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher-privilege component that does the actual analysis. The former can be easily detected by sophisticated malware, while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system's efficiency suggests that the induced performance overhead is negligible.