https://scholars.lib.ntu.edu.tw/handle/123456789/500901
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Tien, C.-W. | en_US |
dc.contributor.author | Liao, J.-W. | en_US |
dc.contributor.author | Chang, S.-C. | en_US |
dc.contributor.author | Kuo, S.-Y. | en_US |
dc.contributor.author | SY-YEN KUO | zz |
dc.creator | Tien, C.-W.;Liao, J.-W.;Chang, S.-C.;Kuo, S.-Y. | - |
dc.date.accessioned | 2020-06-11T06:44:49Z | - |
dc.date.available | 2020-06-11T06:44:49Z | - |
dc.date.issued | 2017 | - |
dc.identifier.uri | https://scholars.lib.ntu.edu.tw/handle/123456789/500901 | - |
dc.description.abstract | A security sandbox is a technology that is often used to detect advanced malware. However, current sandboxes are highly dependent on VM hypervisor types and versions. Thus, in this paper, we introduce a new sandbox design, using memory forensics techniques, to provide an agentless sandbox solution that is independent of the VM hypervisor. In particular, we leverage the VM introspection method to monitor malware running memory data outside the VM and analyze its system behaviors, such as process, file, registry, and network activities. We evaluate the feasibility of this method using 20 advanced and 8 script-based malware samples. We furthermore demonstrate how to analyze malware behavior from memory and verify the results with three different sandbox types. The results show that we can analyze suspicious malware activities, which is also helpful for cyber security defense. © 2017 IEEE. | - |
dc.relation.ispartof | 2017 IEEE Conference on Dependable and Secure Computing | - |
dc.subject | Advanced malware analysis; Cyber security; Security sandbox; Virtual machine introspection | - |
dc.subject.classification | [SDGs]SDG16 | - |
dc.subject.other | Computer crime; Network security; Virtual machine; Cyber security; ITS systems; Malware analysis; Malware behaviors; Memory forensics; Network activities; Security sandbox; Virtual machine introspection; Malware | - |
dc.title | Memory forensics using virtual machine introspection for Malware analysis | en_US |
dc.type | conference paper | en |
dc.identifier.doi | 10.1109/DESEC.2017.8073871 | - |
dc.identifier.scopus | 2-s2.0-85039918226 | - |
dc.identifier.url | https://www.scopus.com/inward/record.uri?eid=2-s2.0-85039918226&doi=10.1109%2fDESEC.2017.8073871&partnerID=40&md5=1564aef51191a69818ba098fc4773923 | - |
dc.relation.pages | 518-519 | - |
item.fulltext | no fulltext | - |
item.openairetype | conference paper | - |
item.openairecristype | http://purl.org/coar/resource_type/c_5794 | - |
item.grantfulltext | none | - |
item.cerifentitytype | Publications | - |
crisitem.author.dept | Electrical Engineering | - |
crisitem.author.dept | Electronics Engineering | - |
crisitem.author.dept | Networking and Multimedia | - |
crisitem.author.dept | Computer Science and Information Engineering | - |
crisitem.author.dept | Center for Quantum Science and Engineering (CQSE) | - |
crisitem.author.orcid | 0000-0002-2504-2608 | - |
crisitem.author.parentorg | College of Electrical Engineering and Computer Science | - |
crisitem.author.parentorg | College of Electrical Engineering and Computer Science | - |
crisitem.author.parentorg | College of Electrical Engineering and Computer Science | - |
crisitem.author.parentorg | College of Electrical Engineering and Computer Science | - |
crisitem.author.parentorg | Others: University-Level Research Centers | - |
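Appears in Collections: | Department of Electrical Engineering |
Items in the IR system are protected by copyright, with all rights reserved, unless their copyright terms are otherwise indicated.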