Transparency and Semantics Coexist: When Malware Analysis Meets the Hardware Assisted Virtualization

Guofeng Wang; Chuanyi Liu; Jie Lin

doi:10.1007/978-3-662-43908-1_4

Transparency and Semantics Coexist: When Malware Analysis Meets the Hardware Assisted Virtualization

Guofeng Wang^*
, Chuanyi Liu
, Jie Lin

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Modern malware attacks are designed intricately, transport data encrypted, so monitoring network traffic can't solve such attacks completely. Therefore, network monitoring and analysis need to be combined with system behavior monitoring and memory analysis, and the latter is more important. In this article we propose a hardware-based virtualization prototype system, combined with memory analysis tools to monitor and counterwork malicious attacks actively. The system is based on Xen virtualization platform, which monitoring virtual machine behavior by capturing specific events. The events are triggered by some specific behaviors associated with malicious software monitoring, such as executing privileged instruction, system calls, memory writing, etc. When necessary, we can dump the memory of the virtual machine, use memory analysis tools for detailed analysis, so as to achieve the purpose of monitoring and counterworking.

Original language	English
Title of host publication	Trustworthy Computing and Services - International Conference, ISCTCS 2013, Revised Selected Papers
Publisher	Springer Verlag
Pages	29-37
Number of pages	9
ISBN (Print)	9783662439074
DOIs	https://doi.org/10.1007/978-3-662-43908-1_4
State	Published - 2014
Externally published	Yes
Event	International Standard Conference on Trustworthy Computing and Services, ISCTCS 2013 - Beijing, China Duration: 1 Nov 2013 → 1 Nov 2013

Publication series

Name	Communications in Computer and Information Science
Volume	426 CCIS
ISSN (Print)	1865-0929

Conference

Conference	International Standard Conference on Trustworthy Computing and Services, ISCTCS 2013
Country/Territory	China
City	Beijing
Period	1/11/13 → 1/11/13

Keywords

Hardware assisted virtualization
Malware attacks detecting
Memory analysis

Access to Document

10.1007/978-3-662-43908-1_4

Cite this

Wang, G., Liu, C., & Lin, J. (2014). Transparency and Semantics Coexist: When Malware Analysis Meets the Hardware Assisted Virtualization. In Trustworthy Computing and Services - International Conference, ISCTCS 2013, Revised Selected Papers (pp. 29-37). (Communications in Computer and Information Science; Vol. 426 CCIS). Springer Verlag. https://doi.org/10.1007/978-3-662-43908-1_4

@inproceedings{7fdb98b81c7b4113a51ca258f566b8d2,

title = "Transparency and Semantics Coexist: When Malware Analysis Meets the Hardware Assisted Virtualization",

abstract = "Modern malware attacks are designed intricately, transport data encrypted, so monitoring network traffic can't solve such attacks completely. Therefore, network monitoring and analysis need to be combined with system behavior monitoring and memory analysis, and the latter is more important. In this article we propose a hardware-based virtualization prototype system, combined with memory analysis tools to monitor and counterwork malicious attacks actively. The system is based on Xen virtualization platform, which monitoring virtual machine behavior by capturing specific events. The events are triggered by some specific behaviors associated with malicious software monitoring, such as executing privileged instruction, system calls, memory writing, etc. When necessary, we can dump the memory of the virtual machine, use memory analysis tools for detailed analysis, so as to achieve the purpose of monitoring and counterworking.",

keywords = "Hardware assisted virtualization, Malware attacks detecting, Memory analysis",

author = "Guofeng Wang and Chuanyi Liu and Jie Lin",

year = "2014",

doi = "10.1007/978-3-662-43908-1\_4",

language = "英语",

isbn = "9783662439074",

series = "Communications in Computer and Information Science",

publisher = "Springer Verlag",

pages = "29--37",

booktitle = "Trustworthy Computing and Services - International Conference, ISCTCS 2013, Revised Selected Papers",

address = "德国",

note = "International Standard Conference on Trustworthy Computing and Services, ISCTCS 2013 ; Conference date: 01-11-2013 Through 01-11-2013",

}

Wang, G, Liu, C & Lin, J 2014, Transparency and Semantics Coexist: When Malware Analysis Meets the Hardware Assisted Virtualization. in Trustworthy Computing and Services - International Conference, ISCTCS 2013, Revised Selected Papers. Communications in Computer and Information Science, vol. 426 CCIS, Springer Verlag, pp. 29-37, International Standard Conference on Trustworthy Computing and Services, ISCTCS 2013, Beijing, China, 1/11/13. https://doi.org/10.1007/978-3-662-43908-1_4

Transparency and Semantics Coexist: When Malware Analysis Meets the Hardware Assisted Virtualization. / Wang, Guofeng; Liu, Chuanyi; Lin, Jie.
Trustworthy Computing and Services - International Conference, ISCTCS 2013, Revised Selected Papers. Springer Verlag, 2014. p. 29-37 (Communications in Computer and Information Science; Vol. 426 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Transparency and Semantics Coexist

T2 - International Standard Conference on Trustworthy Computing and Services, ISCTCS 2013

AU - Wang, Guofeng

AU - Liu, Chuanyi

AU - Lin, Jie

PY - 2014

Y1 - 2014

N2 - Modern malware attacks are designed intricately, transport data encrypted, so monitoring network traffic can't solve such attacks completely. Therefore, network monitoring and analysis need to be combined with system behavior monitoring and memory analysis, and the latter is more important. In this article we propose a hardware-based virtualization prototype system, combined with memory analysis tools to monitor and counterwork malicious attacks actively. The system is based on Xen virtualization platform, which monitoring virtual machine behavior by capturing specific events. The events are triggered by some specific behaviors associated with malicious software monitoring, such as executing privileged instruction, system calls, memory writing, etc. When necessary, we can dump the memory of the virtual machine, use memory analysis tools for detailed analysis, so as to achieve the purpose of monitoring and counterworking.

AB - Modern malware attacks are designed intricately, transport data encrypted, so monitoring network traffic can't solve such attacks completely. Therefore, network monitoring and analysis need to be combined with system behavior monitoring and memory analysis, and the latter is more important. In this article we propose a hardware-based virtualization prototype system, combined with memory analysis tools to monitor and counterwork malicious attacks actively. The system is based on Xen virtualization platform, which monitoring virtual machine behavior by capturing specific events. The events are triggered by some specific behaviors associated with malicious software monitoring, such as executing privileged instruction, system calls, memory writing, etc. When necessary, we can dump the memory of the virtual machine, use memory analysis tools for detailed analysis, so as to achieve the purpose of monitoring and counterworking.

KW - Hardware assisted virtualization

KW - Malware attacks detecting

KW - Memory analysis

UR - https://www.scopus.com/pages/publications/84904749917

U2 - 10.1007/978-3-662-43908-1_4

DO - 10.1007/978-3-662-43908-1_4

M3 - 会议稿件

AN - SCOPUS:84904749917

SN - 9783662439074

T3 - Communications in Computer and Information Science

SP - 29

EP - 37

BT - Trustworthy Computing and Services - International Conference, ISCTCS 2013, Revised Selected Papers

PB - Springer Verlag

Y2 - 1 November 2013 through 1 November 2013

ER -

Transparency and Semantics Coexist: When Malware Analysis Meets the Hardware Assisted Virtualization

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this