Dynamic malware detection and recording using virtual machine introspection
Authors: A. More, S. Tapaswi
DOI: 10.1109/BPM.2013.6615011 (https://doi.org/10.1109/BPM.2013.6615011)
Venue: DSCI - Best Practices Meet 2013
Published: 2013-07-12
Citation count: 9 (Semantic Scholar record); not open access
Detecting and collecting malware samples is a cornerstone of computer security. Recording the entire activity of a Virtual Machine (VM) consumes considerable resources, and it is not the wiser choice either. Our approach combines virtual machine introspection (VMI), file-system clustering and malware activity recording. The proposed framework consists of four steps. In the first step, candidate executables are identified with a clustering algorithm. The second step uses VMI to monitor the processes spawned from these executables and their information flow, and builds a data and information flow graph for each such process. The third step detects the malicious graphs among them. The final step records the malicious graphs and commits the VM. We have implemented a prototype of this framework on a leading hypervisor for Windows guests. Experimental results show that detecting and storing only the malicious processes is a better approach than storing the entire VM. We believe it is a cost-effective, intelligent solution for malware recording.
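As an added, constructed illustration of the four-step pipeline (this is not code from the paper or its prototype): candidate executables are picked out of a toy guest file system, a flow graph is built from a handful of synthetic introspection events, a heuristic flags the malicious subgraph, and only that subgraph is kept as the record. Everything concrete here is an assumption: the PE "MZ" header check standing in for the paper's clustering step, the event schema, the drop-and-execute plus persistence-or-beacon rule standing in for the paper's detector, and all file paths, the Run key and the (documentation-range) IP addresses. Collecting the events from a real hypervisor is out of scope.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed persistence location used by the detection heuristic below.
RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"


@dataclass(frozen=True)
class Event:
    """One introspection observation (constructed schema). kind is one of
    exec (src spawned image dst), write (src wrote file dst),
    reg (src set registry value dst), connect (src opened host:port dst)."""
    kind: str
    src: str
    dst: str


def find_candidate_executables(files):
    """Step 1 stand-in (assumption, not the paper's clustering): any file
    whose first bytes are the PE 'MZ' magic is a candidate, whatever its
    extension. files maps path -> leading bytes."""
    return {path for path, head in files.items() if head[:2] == b"MZ"}


class FlowGraph:
    """Step 2: directed data/information flow graph built from VMI events."""

    def __init__(self):
        self.out = defaultdict(list)  # src -> [(kind, dst)]

    def add(self, event):
        self.out[event.src].append((event.kind, event.dst))

    def subgraph(self, root):
        """All edges reachable from root. Only exec edges lead to a new
        process node; write/reg/connect edges are leaves."""
        seen, stack, edges = set(), [root], []
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            for kind, dst in self.out.get(node, []):
                edges.append((node, kind, dst))
                if kind == "exec":
                    stack.append(dst)
        return edges


def build_graph(events):
    graph = FlowGraph()
    for event in events:
        graph.add(event)
    return graph


def is_malicious(edges):
    """Step 3 heuristic (assumption): the subgraph drops a file that it then
    executes, and also installs a Run-key entry or connects out. Outbound
    traffic alone is not enough, so a benign updater does not trip it."""
    written = {dst for _, kind, dst in edges if kind == "write"}
    executed = {dst for _, kind, dst in edges if kind == "exec"}
    drop_and_exec = bool(written & executed)
    persistence = any(kind == "reg" and dst.startswith(RUN_KEY)
                      for _, kind, dst in edges)
    beacon = any(kind == "connect" for _, kind, dst in edges)
    return drop_and_exec and (persistence or beacon)


def record_malicious(graph, candidates):
    """Step 4: keep only malicious subgraphs keyed by root image; this edge
    list is what gets persisted instead of a full VM snapshot."""
    record = {}
    for root in sorted(candidates):
        edges = graph.subgraph(root)
        if edges and is_malicious(edges):
            record[root] = edges
    return record


# Constructed guest file system: path -> leading bytes.
FILES = {
    "C:\\Users\\u\\Downloads\\invoice.exe": b"MZ\x90\x00",
    "C:\\Users\\u\\Downloads\\notes.txt": b"Hello",
    "C:\\Program Files\\Editor\\editor.exe": b"MZ\x90\x00",
    "C:\\Users\\u\\AppData\\img.scr": b"MZ\x90\x00",  # PE with odd extension
}

# Constructed introspection trace: a dropper that persists and beacons,
# and a benign editor that saves a document and checks for updates.
EVENTS = [
    Event("exec", "explorer.exe", "C:\\Users\\u\\Downloads\\invoice.exe"),
    Event("write", "C:\\Users\\u\\Downloads\\invoice.exe", "C:\\Users\\u\\AppData\\svc.exe"),
    Event("exec", "C:\\Users\\u\\Downloads\\invoice.exe", "C:\\Users\\u\\AppData\\svc.exe"),
    Event("reg", "C:\\Users\\u\\AppData\\svc.exe", RUN_KEY + "\\svc"),
    Event("connect", "C:\\Users\\u\\AppData\\svc.exe", "203.0.113.5:443"),
    Event("exec", "explorer.exe", "C:\\Program Files\\Editor\\editor.exe"),
    Event("write", "C:\\Program Files\\Editor\\editor.exe", "C:\\Users\\u\\Documents\\a.txt"),
    Event("connect", "C:\\Program Files\\Editor\\editor.exe", "198.51.100.7:443"),
]

if __name__ == "__main__":
    graph = build_graph(EVENTS)
    for root, edges in record_malicious(graph, find_candidate_executables(FILES)).items():
        print("malicious root:", root)
        for src, kind, dst in edges:
            print("   ", src, "--" + kind + "->", dst)
```

Run as a script it prints the single malicious root (the dropper) with its four edges; editor.exe also connects out but never executes something it wrote, so it is not recorded, and img.scr is a candidate with no observed activity and yields an empty subgraph. The size of what is stored scales with the number of edges in the flagged subgraph rather than with the VM image, which is the cost argument the abstract makes.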