Abstract
Modern malware attacks are intricately designed and transport their data encrypted, so monitoring network traffic alone cannot fully detect such attacks. Network monitoring and analysis therefore need to be combined with system behavior monitoring and memory analysis, and the latter is the more important of the two. In this article we propose a hardware-based virtualization prototype system, combined with memory analysis tools, to monitor and actively counter malicious attacks. The system is based on the Xen virtualization platform and monitors virtual machine behavior by capturing specific events. The events are triggered by specific behaviors associated with malware, such as executing privileged instructions, making system calls, writing memory, etc. When necessary, we can dump the memory of the virtual machine and use memory analysis tools for detailed analysis, so as to achieve the goal of monitoring and countering the attack.
© 2014 Springer-Verlag Berlin Heidelberg
Cite this paper
Wang, G., Liu, C., Lin, J. (2014). Transparency and Semantics Coexist: When Malware Analysis Meets the Hardware Assisted Virtualization. In: Yuan, Y., Wu, X., Lu, Y. (eds) Trustworthy Computing and Services. ISCTCS 2013. Communications in Computer and Information Science, vol 426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43908-1_4
DOI: https://doi.org/10.1007/978-3-662-43908-1_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43907-4
Online ISBN: 978-3-662-43908-1
eBook Packages: Computer Science (R0)