Hypervisor-assisted dynamic malware analysis
Leon, R. S., Kiperberg, M., Zabag, A. A. L., & Zaidenberg, N. J. (2021). Hypervisor-assisted dynamic malware analysis. Cybersecurity, 4, Article 19. https://doi.org/10.1186/s42400-021-00083-9
Published in: Cybersecurity
Date: 2021
Copyright: © The Author(s). 2021
Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.
Publisher: Springer
ISSN: 2523-3246
Publication in research information system: https://converis.jyu.fi/converis/portal/detail/Publication/89804782
Additional information about funding: This research was not funded.
Related items
Showing items with similar title or keywords.
- HyperIO : A Hypervisor-Based Framework for Secure IO
  Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2023). Malware often attempts to steal input and output through human interface devices to obtain confidential information. We propose to use a thin hypervisor, called “HyperIO”, to realize a secure path between input and output ...
- Hypervisor memory acquisition for ARM
  Ben Yehuda, Raz; Shlingbaum, Erez; Gershfeld, Yuval; Tayouri, Shaked; Zaidenberg, Nezer Jacob (Elsevier, 2021). Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the ...
- H-KPP : Hypervisor-Assisted Kernel Patch Protection
  Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2022). We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious ...
- Hypervisor-assisted Atomic Memory Acquisition in Modern Systems
  Kiperberg, Michael; Leon, Roee; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer (SCITEPRESS Science And Technology Publications, 2019). Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of memory acquisition have been proposed, ranging from tools based on a dedicated hardware to software only solutions. Recently, ...
- Exploring Shifting Patterns in Recent IoT Malware
  Carrillo-Mondejar, Javier; Suarez-Tangil, Guillermo; Costin, Andrei; Rodríguez, Ricardo J. (Academic Conferences International Ltd, 2024). The rise of malware targeting interconnected infrastructures has surged in recent years, driven largely by the widespread presence of vulnerable legacy IoT devices and inadequately secured networks. Despite the strong ...