DocumentCode :
2518314
Title :
How to Locate a Target Binary Process and Its Derivatives in System Emulator
Author :
Kim, Hyung Chan ; Inoue, Daisuke ; Eto, Masashi ; Song, Jungsuk ; Nakao, Koji
Author_Institution :
Nat. Inst. of Inf. & Commun. Technol. (NICT), Tokyo, Japan
fYear :
2010
fDate :
19-23 July 2010
Firstpage :
273
Lastpage :
276
Abstract :
Many organizations that analyze malware have deployed several types of dynamic binary analysis systems. In such a system, a malware specimen is introduced and monitoring modules profile its behavior to compile analysis results. However, many malware samples generate derivative processes by creating child processes and/or interposing behavior into other, already running processes. In this paper, we describe the architecture of an extended system emulator (Livex) that instruments sample malware processes in parallel. Livex is built on the QEMU whole-system emulator. For a given target binary specimen, the system attempts to detect its derivative processes and monitor them together with the main process. The paper includes experiments on the applicability of the method with synthetic programs as well as real malware specimens.
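The abstract describes a monitoring policy rather than a mechanism: a process is instrumented if it is the target, was spawned by an instrumented process, or had behavior interposed into it by one, and the property is transitive. The following is an added example that illustrates that policy over a stream of process events; it is not Livex code and the page does not describe how Livex obtains such events from the guest (in a QEMU-based system they would come from introspecting the guest kernel). The event schema, the pids and the process names are constructed for the example. One caveat a practitioner would want is handled explicitly: the guest kernel reuses pids, so a pid must stop being monitored when its process exits, and an unrelated parent creating a pid the tracker still remembers must not inherit instrumentation.

```python
"""Track a target process and its derivatives from a process-event stream.

Added illustration of the tracking policy described in the abstract, not the
paper's own implementation. Events, pids and names below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One process-level event as an in-emulator monitor might report it.

    kind   : "create" (actor spawned target), "inject" (actor wrote code or a
             thread into target) or "exit" (actor terminated; target unused)
    actor  : pid of the process performing the action
    target : pid of the process acted upon (0 for exit)
    name   : image name of the target, if known
    """
    kind: str
    actor: int
    target: int = 0
    name: str = ""


class DerivativeTracker:
    """Grow the set of instrumented pids outward from one target binary.

    A pid is monitored if it is the target, was created by a monitored pid,
    or was injected into by a monitored pid. Monitoring is transitive, so a
    process spawned by an injected host is covered too. Exits drop the pid
    so that a later, unrelated reuse of the same pid is not instrumented.
    """

    def __init__(self, target_pid: int, target_name: str = "") -> None:
        self.target_pid = target_pid
        self.monitored: dict[int, str] = {target_pid: "target"}   # pid -> reason
        self.names: dict[int, str] = {target_pid: target_name}
        self.history: list[tuple[int, str]] = [(target_pid, "target")]

    def observe(self, ev: Event) -> bool:
        """Consume one event; return True if the monitored set changed."""
        if ev.kind == "create":
            if ev.actor in self.monitored:
                return self._add(ev.target, ev.name, f"child of {ev.actor}")
            # An unmonitored parent created a pid we still track: the old
            # process must have gone away unseen, so this is pid reuse.
            return self._drop(ev.target)
        if ev.kind == "inject":
            # Direction matters: only injection *from* a monitored process
            # makes the host a derivative; injection into one changes nothing.
            if ev.actor in self.monitored and ev.target not in self.monitored:
                return self._add(ev.target, ev.name, f"injected by {ev.actor}")
            return False
        if ev.kind == "exit":
            return self._drop(ev.actor)
        raise ValueError(f"unknown event kind {ev.kind!r}")

    def should_instrument(self, pid: int) -> bool:
        """Decision the per-process instrumentation hook would ask for."""
        return pid in self.monitored

    def _add(self, pid: int, name: str, reason: str) -> bool:
        self.monitored[pid] = reason
        if name:
            self.names[pid] = name
        self.history.append((pid, reason))
        return True

    def _drop(self, pid: int) -> bool:
        if pid in self.monitored:
            del self.monitored[pid]
            return True
        return False


# Constructed event stream: target pid 1000 spawns a child, which spawns a
# grandchild; the target injects into a pre-existing process, which then
# spawns something; the child exits and its pid is later reused.
SAMPLE_EVENTS = [
    Event("create", 1000, 1001, "cmd.exe"),      # child of the target
    Event("create", 1001, 1002, "reg.exe"),      # grandchild via the child
    Event("inject", 1000, 500, "explorer.exe"),  # interposition into a host
    Event("create", 500, 501, "svchost.exe"),    # spawned by the injected host
    Event("exit", 1001),                         # child terminates
    Event("create", 600, 700, "notepad.exe"),    # unrelated activity
    Event("create", 800, 1001, "calc.exe"),      # pid 1001 reused, unrelated
    Event("inject", 700, 1002),                  # into ours, not from ours
]


def track(target_pid: int, events: list[Event], name: str = "") -> DerivativeTracker:
    tracker = DerivativeTracker(target_pid, name)
    for ev in events:
        tracker.observe(ev)
    return tracker


def track_sample() -> DerivativeTracker:
    return track(1000, SAMPLE_EVENTS, "sample.exe")


if __name__ == "__main__":
    t = track_sample()
    for pid, reason in sorted(t.monitored.items()):
        print(pid, t.names.get(pid, "?"), "->", reason)
```

The tracker keeps `history` separately from `monitored` so that a report can still list the child that exited, while `should_instrument` answers only for processes that are currently alive and derived from the target.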
Keywords :
invasive software; Livex; malwares; system emulator; target binary process; Computers; Instruments; Kernel; Malware; Target tracking; USA Councils; instrumentation; malwares; multiprocessing; system emulator; virtualization;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-7526-1
Electronic_ISBN :
978-0-7695-4107-5
Type :
conf
DOI :
10.1109/SAINT.2010.111
Filename :
5598063