Malware Analysis Platform Based on Secondary Development of Xen

Abstract:

API calls reflect the functional level of a program, so analysing the API calls a sample makes leads to an understanding of the malware's behaviour. Malware analysis environments are widely used, but as malware has evolved, some samples have acquired anti-virtualization, anti-debugging and anti-tracing capabilities. Existing analysis environments use a combination of API hooking and/or API virtualization, both of which are detectable by malware running at the same privilege level. In this work, we develop a fully automated platform that traces native API calls, built on secondary development of Xen, and obtain a system that is as transparent and as close to a plain Windows OS as possible, so that a program's execution trace is captured as if it had been run in an environment with no tracer present. In contrast to other approaches, the hardware-assisted nature of our approach implicitly avoids many of the shortcomings that arise from incomplete or inaccurate system emulation.

Pages: 865-868

Online since: February 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved
