Hypervisor-assisted dynamic malware analysis

Leon, Roee S.; Kiperberg, Michael; Zabag, Anat Anatey Leon; Zaidenberg, Nezer Jacob

doi:10.1186/s42400-021-00083-9

Publisher's PDF

View/Open

1.5 Mb

Downloads:

Show download details Hide download details

Leon, R. S., Kiperberg, M., Zabag, A. A. L., & Zaidenberg, N. J. (2021). Hypervisor-assisted dynamic malware analysis. Cybersecurity, 4, Article 19. https://doi.org/10.1186/s42400-021-00083-9

Published in

Cybersecurity

Authors

Leon, Roee S. |

Kiperberg, Michael |

Zabag, Anat Anatey Leon |

Zaidenberg, Nezer Jacob

Date

2021

Copyright

Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

Publisher

Springer

ISSN Search the Publication Forum

2523-3246

Additional information about funding

This research was not funded.

License

Except where otherwise noted, this item's license is described as CC BY 4.0