Hypervisor-assisted dynamic malware analysis
Leon, R. S., Kiperberg, M., Zabag, A. A. L., & Zaidenberg, N. J. (2021). Hypervisor-assisted dynamic malware analysis. Cybersecurity, 4, Article 19. https://doi.org/10.1186/s42400-021-00083-9
© The Author(s). 2021
Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.
Publication in research information system
MetadataShow full item record
Additional information about fundingThis research was not funded.
Showing items with similar title or keywords.
Kiperberg, Michael; Leon, Roee; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer (SCITEPRESS Science And Technology Publications, 2019)Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of memory acquisition have been proposed, ranging from tools based on a dedicated hardware to software only solutions. Recently, ...
Leon, Roee S; Kiperberg, Michael; Zabag, Anat Anatey Leon; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (IEEE Computer Society Press, 2019)We describe an efficient system for ensuring code integrity of an operating system (OS), both its own code and application code. The proposed system can protect from an attacker who has full control over the OS kernel. An ...
Algawi, Asaf; Kiperberg, Michael; Leon, Roee; Zaidenberg, Nezer (Academic Conferences International, 2019)Microsoft windows is a family of client and server operating systems that needs no introduction. Microsoft windows operating system family has a feature to handle exceptions by storing in the stack the address of an ...
Algawi, Asaf; Kiperberg, Michael; Leon, Roee; Resh, Amit; Zaidenberg, Nezer (Academic Conferences International, 2019)The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package that is designed to detect such blue pills. Since the blue pill was originally proposed there has been an ongoing arms race ...
Siltainsuu, Janne (2017)Tämä tutkielma käsittelee kyberrikollisuutta modernissa tietoyhteiskunnassa. Tutkimuksessa pohditaan kyberrikollisuuden ilmenemistä, kyberrikollisten motiiveja sekä suojautumista kyberrikoksia vastaan. Kyberrikollisuus ...