[2] Chen X, Andersen J, Mao Z, Bailey M, Nazario J. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In: DSN’08. IEEE; 2008. p. 177–86.
[3] Dinaburg A, Royal P, Sharif M, Lee W. Ether: malware analysis via hardware virtualization extensions. In: CCS’08. ACM; 2008. p. 51–62.
[6] Futuremark. Pcmark05. URL: http://www.futuremark.com/products/pcmark05/; 2012.
[7] Garfinkel T, Rosenblum M. A virtual machine introspection based architecture for intrusion detection. In: NDSS’03; 2003.
[8] Huang C. cproto. URL: http://sourceforge.net/projects/cproto/; 2012.
[9] International Secure Systems Lab. Anubis: analyzing unknown binaries. URL: http://anubis.iseclab.org/; 2012.
[10] Jiang X, Wang X. Out-of-the-box monitoring of vm-based high-interaction honeypots. In: RAID’07. Springer-Verlag; 2007. p. 198–218.
[11] Jibz, Qwerton, snaker, xineohP. Peid. URL: http://www.peid.info/; 2012.
[12] Kang M, Yin H, Hanna S, McCamant S, Song D. Emulating emulation-resistant malware. In: Proceedings of the 1st ACM workshop on virtual machine security. ACM; 2009. p. 11–22.
[13] Kaspersky Lab. Av vs fakeav. URL: http://habrahabr.ru/company/kaspersky/blog/133621/; 2012.
[15] Moser A, Kruegel C, Kirda E. Limits of static analysis for malware detection. In: ACSAC’07. IEEE; 2007. p. 421–30.
[16] Nguyen A, Schear N, Jung H, Godiyal A, King S, Nguyen H. Mavmm: lightweight and purpose built vmm for malware analysis. In: ACSAC’09. IEEE; 2009. p. 441–50.
[17] Norman. Norman sandbox. URL: http://www.norman.com/about_norman/technology/norman_sandbox/; 2012.
[20] Riley R, Jiang X, Xu D. Guest-transparent prevention of kernel rootkits with vmm-based memory shadowing. In: RAID’08. Springer; 2008. p. 1–20.
[23] Seshadri A, Luk M, Qu N, Perrig A. Secvisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity oses. In: ACM SIGOPS Operating Systems Review, vol. 41. ACM; 2007. p. 335–50.
[24] Shinagawa T, Eiraku H, Tanimoto K, Omote K, Hasegawa S, Horie T, et al. Bitvisor: a thin hypervisor for enforcing i/o device security. In: VEE’09. ACM; 2009. p. 121–30.
[25] Silicon Realms. Armadillo. URL: http://www.siliconrealms.com/armadillo.php; 2012.
[26] Srivastava A, Giffin J. Efficient monitoring of untrusted kernel-mode execution. In: NDSS’11; 2011.
[28] Wang Z, Jiang X, Cui W, Ning P. Countering kernel rootkits with lightweight hook protection. In: CCS’09. ACM; 2009. p. 545–54.
[29] Wikipedia. Pentium fdiv bug. URL: http://en.wikipedia.org/wiki/Pentium_FDIV_bug; 2012.
[31] Yan L, Jayachandra M, Zhang M, Yin H. V2e: combining hardware virtualization and software emulation for transparent and extensible malware analysis. In: VEE’12. ACM; 2012. to appear.