Authors: D. C. Turicu, O. Creţ, L. Văcariu
DOI: 10.1109/ICFPT47387.2019.00061 (https://doi.org/10.1109/ICFPT47387.2019.00061)
Venue: 2019 International Conference on Field-Programmable Technology (ICFPT)
Publication date: 2019-12-01
Citation count: 1 (Semantic Scholar)
Open access: no

Storage Mirroring for Bare-Metal Malware Analysis on FPGA Devices
Malware continues to be a major security threat to computer systems. Because of its fast-growing number and increasing complexity, security analysts prefer automated analysis methods over manual ones. Automated dynamic analysis of malware executes the samples in controlled environments and monitors their potentially malicious behavior. Modern malware can detect these emulated or virtualized environments and suspend its malicious activity to foil the analysis. Consequently, the ultimate technique for analyzing the behavior of malware is to execute the samples in bare-metal analysis environments. Detection aside, restoring the analysis system to a clean state after each analysis is challenging. To resolve this, in this paper we propose an FPGA-implemented storage mirroring technique for instantaneous restoration of the storage device and for retrieval of the files modified during the sample's execution.