Malware Behavior Analysis Based on Virtual Machine Introspection and Snapshot Comparison

Chia-Wei Hsu, Chi-Wei Wang, Chia-Wei Wang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

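Most new malware tries to evade analysis by detection programs through techniques such as rootkits and hooking, which makes it difficult for analysts to trace. Faced with these problems, professional security personnel often lack systematic, automated platform tools for carrying out analysis quickly and applying fixes or corrections. This paper uses an emulated x86 host system to compare the before-and-after differences that the target under examination causes in certain important areas of the system, such as the file system, registry keys, drivers, processes, and threads. In addition, using Virtual Machine Introspection, a technique that observes the inside of a virtual machine directly from the outside, it determines whether certain information has been tampered with by malware inside the guest, in order to detect the malware's rootkit behavior.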
Original language: English
Title of host publication: 20th Cryptology and Information Security Conference (CISC 2010)
State: Published - May 2010
