K-Tracer: A System for Extracting Kernel Malware Behavior.
作者: Wenke Lee , Monirul I. Sharif , Andrea Lanzi
DOI:
关键词:
摘要: Kernel rootkits can provide user level-malware programs with the additional capabilities of hiding their malicious activities by altering legitimate kernel behavior an operating system. While existing research has studied rootkit hooking in effort to help develop defense and remediation mechanisms, automated analysis actual goals not been adequately investigated. In this paper, we present approach based on a combination backward slicing chopping techniques that enables automatic discovery system data manipulation behaviors rootkits. We have built called K-Tracer dynamically analyze Windows kernel-level code extract from rootkits, including sensitive access, modification triggers. Our overcomes several challenges analyzing Kernel. performed experiments malware samples shown our successfully all them. also discuss limitations current newer strategies, insight into how it be extended handle these
neu.edu
isoc.org参考文章(24)
Thomas Raffetseder, Christopher Kruegel, Engin Kirda, Detecting System Emulators Lecture Notes in Computer Science. pp. 1- 18 ,(2007) , 10.1007/978-3-540-75496-1_1
Ryan Riley, Xuxian Jiang, Dongyan Xu, Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing recent advances in intrusion detection. pp. 1- 20 ,(2008) , 10.1007/978-3-540-87403-4_1
Greg Hoglund, Jamie Butler, Rootkits: Subverting the Windows Kernel ,(2005)
Fabrice Bellard, QEMU, a fast and portable dynamic translator usenix annual technical conference. pp. 41- 41 ,(2005)
Zhi Wang, Xuxian Jiang, Weidong Cui, Xinyuan Wang, Countering Persistent Kernel Rootkits through Systematic Hook Discovery recent advances in intrusion detection. pp. 21- 38 ,(2008) , 10.1007/978-3-540-87403-4_2
Eugene J. Rollins, Daniel Jackson, Chopping: A Generalization of Slicing Carnegie Mellon University. ,(1994)
Peter Szor, The Art of Computer Virus Research and Defense ,(2005)
Tal Garfinkel, Mendel Rosenblum, A Virtual Machine Introspection Based Architecture for Intrusion Detection. network and distributed system security symposium. ,(2003)
Hiralal Agrawal, Joseph R. Horgan, Dynamic program slicing programming language design and implementation. ,vol. 25, pp. 246- 256 ,(1990) , 10.1145/93542.93576
Zhenkai Liang, Dawn Song, Heng Yin, HookFinder: Identifying and Understanding Malware Hooking Behaviors network and distributed system security symposium. ,(2008)