EtherAnnotate: a transparent malware analysis tool for integrating dynamic and static examination

Author: Joshua Michael Eads

DOI:

Keywords:

Abstract: Software security researchers commonly reverse engineer and analyze current malicious software (malware) to determine what the latest techniques attackers are utilizing and how to protect computer systems from attack. The most common analysis methods involve examining how a program behaves during execution and interpreting its machine-level instructions. However, modern applications use advanced anti-debugger, anti-virtualization, and code packing techniques to obfuscate the malware's true activities and divert analysts. Malware analysts currently do not have a simple method for tracing activity at the instruction level in a highly undetectable environment. There is also no simple method for combining actual run-time register and memory values with statically disassembled code. Combining the values found in the registers being accessed with the disassembly would create a new level of analysis made possible by joining key aspects of static and dynamic analysis. This thesis presents EtherAnnotate, an extension of the Xen Ether virtualization framework and the IDA Pro disassembler to aid in this task. It consists of two separate components: an enhanced instruction tracer and a graphical annotation visualization plug-in for IDA Pro. The specialized tracer places the malware binary into a virtualized environment and records the contents of all processor general-purpose registers that occur during execution. The plug-in interprets the tracer output and adds line comments, in addition to visualizing the coverage of instructions that were executed. These tools can be combined to provide introspection that was not available with previous state-of-the-art tools.
