Malware virtualization-resistant behavior detection

Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS

Volumn , Issue , 2011, Pages 912-917

  Sun, Ming Kung ^a   Lin, Mao Jie ^a   Chang, Michael ^a   Laih, Chi Sung ^a   Lin, Hui Tang ^a  

^a NATIONAL CHENG KUNG UNIVERSITY   (Taiwan)

Author keywords

[No Author keywords available]

Indexed keywords

BEHAVIOR DETECTION; DISTANCE ALGORITHM; MALICIOUS SOFTWARE; MALWARE ANALYSIS; MALWARES; REAL SYSTEMS; VIRTUAL ENVIRONMENTS; VIRTUAL MACHINES;

ALGORITHMS; COMPUTER SYSTEMS; REVERSE ENGINEERING; VIRTUAL REALITY;

COMPUTER CRIME;

EID: 84863066873     PISSN: 15219097     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICPADS.2011.78     Document Type: Conference Paper

References (23)

1. Process monitor. http://technet.microsoft.com/en-us/sysinternals/ bb896645.aspx.
2. Putty. http://www.chiark.greenend.org.uk/∼sgtatham/putty/.
3. Qemu. http://bellard.org/qemu/.
4. Red pill. http://invisiblethings.org/papers/redpill.html.
5. Scoopyng. http://www.trapkit.de/research/vmm/scoopydoo/index.html.
6. Sri malware threat center. http://mtc.sri.com/.
7. Vmware. https://www.vmware.com.
8. D. Balzarotti, M. Cova, C. Karlberger, C. Kruegel, E. Kirda, and G. Vigna. Efficient detection of split personalities in malware. In NDSS 2010, 17th Annual Network and Distributed System Security Symposium, 2010.
9. D. Brumley. Vine project documentation. http://bitblaze.cs.berkeley.edu/ papers/vine.pdf.
10. D. Brumley, C. Hartwig, M. G. Kang, Z. Liang, J. Newsome, P. Poosankam, D. Song, and H. Yin. Bitscope: Automatically dissecting malicious binaries. Technical report, In CMU-CS-07-133, 2007.
11. X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In Dependable Systems and Networks, pages 177-186, 2008.
12. T. Ebringer. Anti-emulation through time-lock puzzles. In Second International CARO Workshop, Hoofddorp, Netherlands, May 2008.
13. M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song. Dynamic spyware analysis. In 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference, pages 18:1- 18:14, Berkeley, CA, USA, 2007. USENIX Association.
14. P. Ferrie. Attacks on virtual machine emulators. Technical report, Symantec Technology Exchange, 2006.
15. P. Ferrie. Attacks on more virtual machine emulators. Technical report, Symantec Technology Exchange, April 2007.
16. D. Gao, M. K. Reiter, and D. Song. Behavioral distance for intrusion detection. In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID2005), pages 63-81, 2005. (Pubitemid 43973722)
17. M. G. Kang, P. Poosankam, and H. Yin. Renovo: a hidden code extractor for packed executables. In Proceedings of the 2007 ACM workshop on Recurring malcode, WORM'07, pages 46-53, New York, NY, USA, 2007. ACM.
18. M. G. Kang, H. Yin, S. Hanna, S. McCamant, and D. Song. Emulating emulation-resistant malware. In Proceedings of the 1st ACM workshop on Virtual machine security, VMSec'09, pages 11-22, New York, NY, USA, 2009. ACM.
19. S. T. King, G. W. Dunlap, and P. M. Chen. Operating system support for virtual machines. In Proceedings of the annual conference on USENIX Annual Technical Conference, pages 6-6, Berkeley, CA, USA, 2003. USENIX Association.
20. V. Levenshtein. Binary Codes Capable of Correcting Deletions, Insertions and Reversals. Soviet Physics Doklady, 10:707, 1966.
21. T. Liston and E. Skoudis. On the cutting edge: Thwarting virtual machine detection. http://handlers.sans.org/tliston/ThwartingVMDetectionListonSkoudis. pdf.
22. T. Raffetseder, C. Krgel, and E. Kirda. Detecting system emulators. In J. A. Garay, A. K. Lenstra, M. Mambo, and R. Peralta, editors, ISC, volume 4779 of Lecture Notes in Computer Science, pages 1-18. Springer, 2007.
23. J. S. Robin and C. E. Irvine. Analysis of the intel pentium's ability to support a secure virtual machine monitor. In Proceedings of the 9th conference on USENIX Security Symposium - Volume 9, pages 10-10, Berkeley, CA, USA, 2000. USENIX Association.