Hypervisor-assisted dynamic malware analysis
Abstract Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system's efficiency suggests that the induced performance overhead is negligible.
Main Authors: | Roee S. Leon, Michael Kiperberg, Anat Anatey Leon Zabag, Nezer Jacob Zaidenberg |
---|---|
Format: | Article |
Language: | English |
Published: | SpringerOpen, 2021-06-01 |
Series: | Cybersecurity |
Online Access: | https://doi.org/10.1186/s42400-021-00083-9 |
Field | Value |
---|---|
_version_ | 1818442413481394176 |
author | Roee S. Leon Michael Kiperberg Anat Anatey Leon Zabag Nezer Jacob Zaidenberg |
author_facet | Roee S. Leon Michael Kiperberg Anat Anatey Leon Zabag Nezer Jacob Zaidenberg |
author_sort | Roee S. Leon |
collection | DOAJ |
description | Abstract Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible. |
first_indexed | 2024-12-14T18:43:45Z |
format | Article |
id | doaj.art-a53bea07133b42f5bf51ca3a8a770af1 |
institution | Directory Open Access Journal |
issn | 2523-3246 |
language | English |
last_indexed | 2024-12-14T18:43:45Z |
publishDate | 2021-06-01 |
publisher | SpringerOpen |
record_format | Article |
series | Cybersecurity |
spellingShingle | Roee S. Leon Michael Kiperberg Anat Anatey Leon Zabag Nezer Jacob Zaidenberg Hypervisor-assisted dynamic malware analysis Cybersecurity |
title | Hypervisor-assisted dynamic malware analysis |
title_full | Hypervisor-assisted dynamic malware analysis |
title_fullStr | Hypervisor-assisted dynamic malware analysis |
title_full_unstemmed | Hypervisor-assisted dynamic malware analysis |
title_short | Hypervisor-assisted dynamic malware analysis |
title_sort | hypervisor assisted dynamic malware analysis |
url | https://doi.org/10.1186/s42400-021-00083-9 |