Osiris: A Malware Behavior Capturing System Implemented at Virtual Machine Monitor Layer
作者: Ying Cao , Qiguang Miao , Jiachen Liu , Weisheng Li
DOI: 10.1155/2013/402438
关键词:
摘要: To perform behavior based malware analysis, capturing is an important prerequisite. In this paper, we present Osiris system which a tool to capture behaviors of executable files in Windows system. It collects API calls invoked not only by main process the analysis file, but also child processes are created process, injected if injection happens, and service creates services. By modifying source code Qemu, implemented at virtual machine monitor layer has following advantages. First, it does rewrite binary file or interfere with its normal execution, so that data obtained more stealthily transparently. Second, employs multi-virtual framework simulate network environment for stimulated large extend. Third, besides environment, simulates most common host events stimulate potential malicious malware. The experimental results show automates provides good detection algorithm.
hindawi.com参考文章(6)
Claudio Carpineto, Giovanni Romano, A Survey of Automatic Query Expansion in Information Retrieval ACM Computing Surveys. ,vol. 44, pp. 1- 50 ,(2012) , 10.1145/2071389.2071390
Eric Filiol, Malware Pattern Scanning Schemes Secure Against Black-box Analysis Journal in Computer Virology. ,vol. 2, pp. 35- 50 ,(2006) , 10.1007/S11416-006-0009-X
Xuxian Jiang, Xinyuan Wang, Dongyan Xu, Stealthy malware detection and monitoring through VMM-based “out-of-the-box” semantic view reconstruction ACM Transactions on Information and System Security. ,vol. 13, pp. 12- ,(2010) , 10.1145/1698750.1698752
Eric Filiol, Grégoire Jacob, Mickaël Le Liard, Evaluation methodology and theoretical model for antiviral behavioural detection strategies Journal in Computer Virology. ,vol. 3, pp. 23- 37 ,(2007) , 10.1007/S11416-006-0026-9
Carsten Willems, Thorsten Holz, Felix Freiling, Toward Automated Dynamic Malware Analysis Using CWSandbox ieee symposium on security and privacy. ,vol. 5, pp. 32- 39 ,(2007) , 10.1109/MSP.2007.45
Grégoire Jacob, Hervé Debar, Eric Filiol, Behavioral detection of malware: from a survey towards an established taxonomy Journal in Computer Virology. ,vol. 4, pp. 251- 266 ,(2008) , 10.1007/S11416-008-0086-0