Abstract | ||
---|---|---|
Behavior-based detection methods have the ability to detect unknown malicious software (malware). The success of behavior-based detection methods must depend on sufficient number of abnormal behavior models. Insufficient number of abnormal behavior models can lead to high false positive and/or false negative rates. The majority of abnormal behavior models can only be derived by observing application behavior at lower level. However the traditional approaches are not very efficient in this type of analysis. In this paper, we present Holography,a virtual hardware-level tool to capture actions of malware programs. Holography does not rely on any driver that is installed on an operating system to log the execution profile of malware programs. Instead, Holography relies on only hardware level information to capture actions of malware programs. As a result, Holography is invisible to malware programs and therefore cannot be disabled or bypassed by malware programs. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1109/PRDC.2009.48 | PRDC |
Keywords | Field | DocType |
malware analysis,execution profile,insufficient number,lower level,behavior-based detection method,application behavior,sufficient number,hardware virtualization tool,hardware level information,false negative rate,malware program,abnormal behavior model,holography,hardware virtualization,behavior modeling,kernel,registers,dynamic analysis,malicious software,satellites,virtual machines | Kernel (linear algebra),Cryptovirology,Holography,Yarn,Virtual machine,Hardware virtualization,Computer security,Computer science,Malware,Distributed computing,Malware analysis,Embedded system | Conference |
Citations | PageRank | References |
5 | 0.70 | 6 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Shih-yao Dai | 1 | 40 | 4.33 |
Yarochkin Fyodor | 2 | 12 | 2.22 |
Jain-Shing Wu | 3 | 65 | 5.91 |
Chih-Hung Lin | 4 | 8 | 1.11 |
Yennun Huang | 5 | 738 | 106.38 |
Sy-Yen Kuo | 6 | 2304 | 245.46 |