Title :
How to Locate a Target Binary Process and Its Derivatives in System Emulator
Author :
Kim, Hyung Chan ; Inoue, Daisuke ; Eto, Masashi ; Song, Jungsuk ; Nakao, Koji
Author_Institution :
Nat. Inst. of Inf. & Commun. Technol. (NICT), Tokyo, Japan
Abstract :
Many parties that analyze malware have deployed several types of dynamic binary analysis systems. In such systems, a given malware specimen is introduced into the system and monitoring modules profile its behavior to compile analysis results. However, many malware samples generate derivative processes by creating child processes and/or injecting behavior into other processes. In this paper, we describe the architecture of an extended system emulator (Livex) that instruments sample malware processes in parallel. Livex is built upon the QEMU whole-system emulator. For a given target binary specimen, our system tries to probe its derivative processes and monitor them together with the main process. This paper includes experiments that examine the applicability of our method with synthetic programs as well as real malware specimens.
Keywords :
invasive software; Livex; malwares; system emulator; target binary process; Computers; Instruments; Kernel; Malware; Target tracking; USA Councils; instrumentation; malwares; multiprocessing; system emulator; virtualization;
Conference_Titel :
Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-7526-1
Electronic_ISBN :
978-0-7695-4107-5
DOI :
10.1109/SAINT.2010.111