Malware Virtualization-Resistant Behavior Detection

Ming-Kung Sun; Chi-Sung Laih; Hui-Tang Lin; Mao-Jie Lin; Michael Chang

doi:10.1109/ICPADS.2011.78

I
ICPADS
2011
2011 IEEE 17th International Conference on Parallel and Distributed Systems
Abstract - Malware Virtualization-Resistant Behavior Detection

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Ming-Kung Sun Articles by Mao-Jie Lin Articles by Michael Chang Articles by Chi-Sung Laih Articles by Hui-Tang Lin

2011 IEEE 17th International Conference on Parallel and Distributed Systems

Malware Virtualization-Resistant Behavior Detection

Tainan, Taiwan

December 07-December 09

ISBN: 978-0-7695-4576-9

	ASCII Text	x
	Ming-Kung Sun, Mao-Jie Lin, Michael Chang, Chi-Sung Laih, Hui-Tang Lin, "Malware Virtualization-Resistant Behavior Detection," Parallel and Distributed Systems, International Conference on, pp. 912-917, 2011 IEEE 17th International Conference on Parallel and Distributed Systems, 2011.

	BibTex	x
	@article{ 10.1109/ICPADS.2011.78, author = {Ming-Kung Sun and Mao-Jie Lin and Michael Chang and Chi-Sung Laih and Hui-Tang Lin}, title = {Malware Virtualization-Resistant Behavior Detection}, journal ={Parallel and Distributed Systems, International Conference on}, volume = {0}, year = {2011}, issn = {1521-9097}, pages = {912-917}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICPADS.2011.78}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Parallel and Distributed Systems, International Conference on TI - Malware Virtualization-Resistant Behavior Detection SN - 1521-9097 SP912 EP917 A1 - Ming-Kung Sun, A1 - Mao-Jie Lin, A1 - Michael Chang, A1 - Chi-Sung Laih, A1 - Hui-Tang Lin, PY - 2011 VL - 0 JA - Parallel and Distributed Systems, International Conference on ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICPADS.2011.78

Many researchers monitor malicious software (malware) behavior using Virtual Machines (VM) to protect the underlying operating system. For virtual machines, the malware monitor process exists at the same layer as the real system so the monitor can get detailed behavior information without being discovered. There are some Anti-VM techniques employed by malware authors to ward off collection, analysis and reverse engineering of their malicious programs. Therefore, malware researchers may obtain inaccurate analysis from VM aware programs. This paper presents a solution to detect Anti-VM techniques. We collect behavioral information from malware and use an enhanced behavior distance algorithm to calculate the difference between real and virtual environments to distinguish if the malware has Anti-VM capability. Our experiments show this algorithm works well. This idea can improve malware analysis results and reduce malware misdetection.

Citation:

Ming-Kung Sun, Mao-Jie Lin, Michael Chang, Chi-Sung Laih, Hui-Tang Lin, "Malware Virtualization-Resistant Behavior Detection," icpads, pp.912-917, 2011 IEEE 17th International Conference on Parallel and Distributed Systems, 2011

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.