Title
Holography: A Hardware Virtualization Tool for Malware Analysis
Abstract
Behavior-based detection methods have the ability to detect unknown malicious software (malware). The success of behavior-based detection methods must depend on a sufficient number of abnormal behavior models. An insufficient number of abnormal behavior models can lead to high false positive and/or false negative rates. The majority of abnormal behavior models can only be derived by observing application behavior at a lower level. However, the traditional approaches are not very efficient in this type of analysis. In this paper, we present Holography, a virtual hardware-level tool to capture actions of malware programs. Holography does not rely on any driver that is installed on an operating system to log the execution profile of malware programs. Instead, Holography relies only on hardware-level information to capture actions of malware programs. As a result, Holography is invisible to malware programs and therefore cannot be disabled or bypassed by malware programs.
Year
2009
DOI
10.1109/PRDC.2009.48
Venue
PRDC
Keywords
malware analysis, execution profile, insufficient number, lower level, behavior-based detection method, application behavior, sufficient number, hardware virtualization tool, hardware level information, false negative rate, malware program, abnormal behavior model, holography, hardware virtualization, behavior modeling, kernel, registers, dynamic analysis, malicious software, satellites, virtual machines
Field
Kernel (linear algebra), Cryptovirology, Holography, Yarn, Virtual machine, Hardware virtualization, Computer security, Computer science, Malware, Distributed computing, Malware analysis, Embedded system
DocType
Conference
Citations
5
PageRank
0.70
References
6
Authors (6)
Name | Order | Citations | PageRank
Shih-yao Dai | 1 | 40 | 4.33
Yarochkin Fyodor | 2 | 12 | 2.22
Jain-Shing Wu | 3 | 65 | 5.91
Chih-Hung Lin | 4 | 8 | 1.11
Yennun Huang | 5 | 738 | 106.38
Sy-Yen Kuo | 6 | 2304 | 245.46