Transparency and Semantics Coexist: When Malware Analysis Meets the Hardware Assisted Virtualization

  • Conference paper

Trustworthy Computing and Services (ISCTCS 2013)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 426)

Abstract

Modern malware attacks are intricately designed and transport their data encrypted, so monitoring network traffic alone cannot defeat such attacks completely. Network monitoring and analysis therefore need to be combined with system behavior monitoring and memory analysis, and the latter is the more important. In this article we propose a hardware-based virtualization prototype system, combined with memory analysis tools, to monitor and counter malicious attacks actively. The system is based on the Xen virtualization platform and monitors virtual machine behavior by capturing specific events. These events are triggered by specific behaviors associated with malicious software, such as executing privileged instructions, issuing system calls, and writing to memory. When necessary, we can dump the memory of the virtual machine and use memory analysis tools for detailed analysis, so as to achieve the purpose of monitoring and counteracting the attack.

Correspondence to Guofeng Wang.

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, G., Liu, C., Lin, J. (2014). Transparency and Semantics Coexist: When Malware Analysis Meets the Hardware Assisted Virtualization. In: Yuan, Y., Wu, X., Lu, Y. (eds) Trustworthy Computing and Services. ISCTCS 2013. Communications in Computer and Information Science, vol 426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43908-1_4

  • DOI: https://doi.org/10.1007/978-3-662-43908-1_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-43907-4

  • Online ISBN: 978-3-662-43908-1

  • eBook Packages: Computer Science (R0)