https://scholars.lib.ntu.edu.tw/handle/123456789/374011
Title: Holography: A Behavior-based Profiler for Malware Analysis
Authors: Y. Dai; Y. Fyodor; M. W. Wu; Y. Huang; S. Y. Kuo (SY-YEN KUO)
Keywords: dynamic malware analysis; malvertising; malware analyzer; malware unpacker; sandbox; virtual machine emulator
Issue Date: Sep-2012
Journal Volume: 42
Journal Issue: 9
Start page/Pages: 1107-1136
Source: Software: Practice and Experience

Abstract:
Behavior-based detection and signature-based detection are two popular approaches to malware (malicious software) analysis. The security industry, such as the sector selling antivirus tools, has been using signature- and heuristic-based technologies for years. However, this approach has proven inefficient at identifying unknown malware strains. The behavior-based malware detection approach, on the other hand, has greater potential for identifying previously unknown instances of malicious software. The accuracy of this approach relies on techniques to profile and recognize accurate behavior models. Unfortunately, with the increasing complexity of malicious software and the limitations of existing automatic tools, the current behavior-based approach cannot discover many newer forms of malware either.

In this paper, we implement the 'holography platform', a behavior-based profiler on top of a virtual machine emulator that intercepts the system processes and analyzes the CPU instructions, CPU registers, and memory. The captured information is stored in a relational database, and data mining techniques are used to extract information. We demonstrate the breadth of the 'holography platform' by conducting two experiments: a packed binary behavior analysis and a malvertising (malicious advertising) incident tracing. Both tasks are known to be very difficult to do efficiently using existing methods and tools. We demonstrate how precise behavior information can be easily obtained using the 'holography platform' tool. With these two experiments, we show that the 'holography platform' can provide security researchers and automatic malware detection systems with an efficient malicious software behavior analysis solution. Copyright © 2011 John Wiley & Sons, Ltd.

URI: http://scholars.lib.ntu.edu.tw/handle/123456789/374011
DOI: 10.1002/spe.1115
SDG/Keyword: malvertising; Malware analysis; Malwares; sandbox; Virtual machines; Computer simulation; Experiments; Holography; Network security; Computer crime
Appears in Collections: Department of Electrical Engineering (電機工程學系)