Volume , Issue , 2012, Pages S13-S23

Introlib: Efficient and transparent library call introspection for malware forensics

Author keywords

Dynamic analysis; Library call introspection; Malware forensics; Performance; Virtualization

Indexed keywords

BENCHMARKING; DYNAMIC ANALYSIS; ELECTRONIC CRIME COUNTERMEASURES; MALWARE; SEMANTICS; VIRTUALIZATION;

EID: 84893222248    PISSN: None    EISSN: None    Source Type: Conference Proceeding
DOI: 10.1016/j.diin.2012.05.013    Document Type: Conference Paper
Times cited: 4

References (31)
  • 2  Chen X, Andersen J, Mao Z, Bailey M, Nazario J. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In: DSN'08. IEEE; 2008. p. 177–86. (Scopus ID 53349116756)
  • 3  Dinaburg A, Royal P, Sharif M, Lee W. Ether: malware analysis via hardware virtualization extensions. In: CCS'08. ACM; 2008. p. 51–62. (Scopus ID 70349240080)
  • 6  Futuremark. PCMark05. URL: http://www.futuremark.com/products/pcmark05/; 2012. (Scopus ID 85080560235)
  • 7  Garfinkel T, Rosenblum M. A virtual machine introspection based architecture for intrusion detection. In: NDSS'03; 2003. (Scopus ID 85080362568)
  • 8  Huang C. cproto. URL: http://sourceforge.net/projects/cproto/; 2012. (Scopus ID 84864578794)
  • 9  International Secure Systems Lab. Anubis: analyzing unknown binaries. URL: http://anubis.iseclab.org/; 2012. (Scopus ID 84869656794)
  • 10  Jiang X, Wang X. Out-of-the-box monitoring of VM-based high-interaction honeypots. In: RAID'07. Springer-Verlag; 2007. p. 198–218. (Scopus ID 38149053957)
  • 11  Jibz, Qwerton, snaker, xineohP. PEiD. URL: http://www.peid.info/; 2012. (Scopus ID 85080605053)
  • 13  Kaspersky Lab. AV vs FakeAV. URL: http://habrahabr.ru/company/kaspersky/blog/133621/; 2012. (Scopus ID 84864603812)
  • 15  Moser A, Kruegel C, Kirda E. Limits of static analysis for malware detection. In: ACSAC'07. IEEE; 2007. p. 421–30. (Scopus ID 48649087530)
  • 17  Norman. Norman Sandbox. URL: http://www.norman.com/about_norman/technology/norman_sandbox/; 2012. (Scopus ID 84888464159)
  • 20  Riley R, Jiang X, Xu D. Guest-transparent prevention of kernel rootkits with VMM-based memory shadowing. In: RAID'08. Springer; 2008. p. 1–20. (Scopus ID 56549083677)
  • 23  Seshadri A, Luk M, Qu N, Perrig A. SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In: ACM SIGOPS Operating Systems Review, vol. 41. ACM; 2007. p. 335–50. (Scopus ID 41149103393)
  • 25  Silicon Realms. Armadillo. URL: http://www.siliconrealms.com/armadillo.php; 2012. (Scopus ID 84864578803)
  • 26  Srivastava A, Giffin J. Efficient monitoring of untrusted kernel-mode execution. In: NDSS'11; 2011. (Scopus ID 84867864575)
  • 28  Wang Z, Jiang X, Cui W, Ning P. Countering kernel rootkits with lightweight hook protection. In: CCS'09. ACM; 2009. p. 545–54. (Scopus ID 74049120743)
  • 29  Wikipedia. Pentium FDIV bug. URL: http://en.wikipedia.org/wiki/Pentium_FDIV_bug; 2012. (Scopus ID 84864590255)
  • 30  Willems C, Holz T, Freiling F. Toward automated dynamic malware analysis using CWSandbox. IEEE Security & Privacy; 2007. p. 32–9. (Scopus ID 34047110218)
  • 31  Yan L, Jayachandra M, Zhang M, Yin H. V2E: combining hardware virtualization and software emulation for transparent and extensible malware analysis. In: VEE'12. ACM; 2012. To appear. (Scopus ID 84863351787)


* This information was extracted by KISTI through analysis of Elsevier's SCOPUS database.