  • DocumentCode
    2940943
  • Title
    Holography: A Hardware Virtualization Tool for Malware Analysis
  • Author
    Dai, Shih-Yao ; Fyodor, Yarochkin ; Wu, Jain-shing ; Lin, Chih-Hung ; Huang, Yennun ; Kuo, Sy-Yen
  • Author_Institution
    Dept. of Electr. Eng., Nat. Taiwan Univ. Taipei, Taipei, Taiwan
  • fYear
    2009
  • fDate
    16-18 Nov. 2009
  • Firstpage
    263
  • Lastpage
    268
  • Abstract
    Behavior-based detection methods have the ability to detect unknown malicious software (malware). The success of behavior-based detection methods depends on a sufficient number of abnormal behavior models; an insufficient number of abnormal behavior models can lead to high false positive and/or false negative rates. The majority of abnormal behavior models can only be derived by observing application behavior at a lower level, but the traditional approaches are not very efficient at this type of analysis. In this paper, we present Holography, a virtual hardware-level tool to capture the actions of malware programs. Holography does not rely on any driver installed on the operating system to log the execution profile of malware programs. Instead, Holography relies only on hardware-level information to capture the actions of malware programs. As a result, Holography is invisible to malware programs and therefore cannot be disabled or bypassed by them.
  • Keywords
    invasive software; virtual machines; behavior-based detection methods; hardware virtualization tool; holography; malicious software; malware analysis; Banking; Computer industry; Computer networks; Holography; Information analysis; Information security; Internet; Multimedia computing; Platform virtualization; Software tools; abnormal behavior models; behavior-based detection method; dynamic analysis; hardware virtualization; malicious software
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Dependable Computing, 2009. PRDC '09. 15th IEEE Pacific Rim International Symposium on
  • Conference_Location
    Shanghai
  • Print_ISBN
    978-0-7695-3849-5
  • Type
    conf
  • DOI
    10.1109/PRDC.2009.48
  • Filename
    5370996