Hypervisor-assisted dynamic malware analysis

Roee S. Leon; Michael Kiperberg; Anat Anatey Leon Zabag; Nezer Jacob Zaidenberg

doi:10.1186/s42400-021-00083-9

Hypervisor-assisted dynamic malware analysis

Roee S. Leon
, Michael Kiperberg
, Anat Anatey Leon Zabag
, Nezer Jacob Zaidenberg

نتاج البحث: نشر في مجلة › مقالة › مراجعة النظراء

17 اقتباسات (Scopus)

ملخص

Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

اللغة الأصلية	الإنجليزيّة
رقم المقال	19
دورية	Cybersecurity
مستوى الصوت	4
رقم الإصدار	1
المعرِّفات الرقمية للأشياء	https://doi.org/10.1186/s42400-021-00083-9
حالة النشر	نُشِر - ديسمبر 2021
منشور خارجيًا	نعم

الوصول إلى المستند

10.1186/s42400-021-00083-9

الملفات والروابط الأخرى

Link to publication in Scopus

قم بذكر هذا

@article{515e14a6d94e4d348fb19e203f39da61,

title = "Hypervisor-assisted dynamic malware analysis",

abstract = "Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system{\textquoteright}s efficiency suggests that the induced performance overhead is negligible.",

author = "Leon, \{Roee S.\} and Michael Kiperberg and \{Leon Zabag\}, \{Anat Anatey\} and Zaidenberg, \{Nezer Jacob\}",

note = "Publisher Copyright: {\textcopyright} 2021, The Author(s).",

year = "2021",

month = dec,

doi = "10.1186/s42400-021-00083-9",

language = "אנגלית",

volume = "4",

journal = "Cybersecurity",

issn = "2096-4862",

publisher = "SpringerOpen",

number = "1",

}

TY - JOUR

T1 - Hypervisor-assisted dynamic malware analysis

AU - Leon, Roee S.

AU - Kiperberg, Michael

AU - Leon Zabag, Anat Anatey

AU - Zaidenberg, Nezer Jacob

PY - 2021/12

Y1 - 2021/12

N2 - Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

AB - Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

UR - https://www.scopus.com/pages/publications/85107120155

U2 - 10.1186/s42400-021-00083-9

DO - 10.1186/s42400-021-00083-9

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85107120155

SN - 2096-4862

VL - 4

JO - Cybersecurity

JF - Cybersecurity

IS - 1

M1 - 19

ER -

Hypervisor-assisted dynamic malware analysis

ملخص

الوصول إلى المستند

الملفات والروابط الأخرى

بصمة

قم بذكر هذا