APICapture - A tool for monitoring the behavior of malware

Authors: Qi-Guang Miao, Yun-Wang, Ying-Cao, Xian-Guo Zhang, Zhong-Lin Liu

DOI: 10.1109/ICACTE.2010.5579452

Abstract: Malware is one of the most serious threats to the security of computer systems. Many approaches have been proposed and various systems designed to detect intrusions from the anomalous behavior of system calls, which provide the interface between a process and the operating system. Though these techniques look quite effective, a key element seems to be missing: the inclusion and utilization of call arguments to create a richer, more valuable signature for analyzing malware accurately. Motivated by this problem, this paper presents APICapture, a monitoring tool built on a whole-system emulator that requires no changes to the guest kernel and automatically records important attributes of each call, for example its arguments, return value and error status. Experimental results show that APICapture has good transparency and accuracy. Transparency means the method is transparent to the target process, making it difficult for malware to detect. Moreover, the information obtained can accurately and completely describe the functionality
