Title :
Holography: A Hardware Virtualization Tool for Malware Analysis
Author :
Dai, Shih-Yao ; Fyodor, Yarochkin ; Wu, Jain-shing ; Lin, Chih-Hung ; Huang, Yennun ; Kuo, Sy-Yen
Author_Institution :
Dept. of Electr. Eng., Nat. Taiwan Univ. Taipei, Taipei, Taiwan
Abstract :
Behavior-based detection methods have the ability to detect unknown malicious software (malware). The success of behavior-based detection methods must depend on sufficient number of abnormal behavior models. Insufficient number of abnormal behavior models can lead to high false positive and/or false negative rates. The majority of abnormal behavior models can only be derived by observing application behavior at lower level. However the traditional approaches are not very efficient in this type of analysis. In this paper, we present Holography,a virtual hardware-level tool to capture actions of malware programs. Holography does not rely on any driver that is installed on an operating system to log the execution profile of malware programs. Instead, Holography relies on only hardware level information to capture actions of malware programs. As a result, Holography is invisible to malware programs and therefore cannot be disabled or bypassed by malware programs.
Keywords :
invasive software; virtual machines; behavior-based detection methods; hardware virtualization tool; holography; malicious software; malware analysis; Banking; Computer industry; Computer networks; Holography; Information analysis; Information security; Internet; Multimedia computing; Platform virtualization; Software tools; abnormal behavior models; behaviorbased detection method; dynamic analysis; hardware virtualization; malicious software;
Conference_Titel :
Dependable Computing, 2009. PRDC '09. 15th IEEE Pacific Rim International Symposium on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3849-5
DOI :
10.1109/PRDC.2009.48
