Holography: A Hardware Virtualization Tool for Malware Analysis
Journal
2009 Pacific Rim International Symposium on Dependable Computing (PRDC'09)
Pages
263-268
Date Issued
2009-11
Author(s)
Abstract
Behavior-based detection methods have the ability to detect unknown malicious software (malware). The success of behavior-based detection methods must depend on a sufficient number of abnormal behavior models. An insufficient number of abnormal behavior models can lead to high false positive and/or false negative rates. The majority of abnormal behavior models can only be derived by observing application behavior at a lower level. However, the traditional approaches are not very efficient in this type of analysis. In this paper, we present Holography, a virtual hardware-level tool to capture actions of malware programs. Holography does not rely on any driver that is installed on an operating system to log the execution profile of malware programs. Instead, Holography relies only on hardware-level information to capture actions of malware programs. As a result, Holography is invisible to malware programs and therefore cannot be disabled or bypassed by malware programs. © 2009 IEEE.
Subjects
Abnormal behavior models; Behavior-based detection method; Dynamic analysis; Hardware virtualization; Malicious software
SDGs
Other Subjects
Abnormal behavior; Behavior-based detection; Behavior-based detection method; Malicious software; Virtualizations; Computer operating systems; Dynamic analysis; Hardware; Holography; Computer crime
Type
conference paper
