DocumentCode
2744113
Title
Assessment of Virtualization as a Sensor Technique
Author
Narvaez, Julia ; Aval, Chiraag ; Endicott-Popovsky, Barbara ; Seifert, Christian ; Malviya, Ashish K. ; Nordwall, Douglas
fYear
2010
fDate
20-20 May 2010
Firstpage
61
Lastpage
65
Abstract
The explosive growth of malware development and the increasing sophistication of malware behavior require that security researchers be on the lookout for new vectors of attacks. Drive-by-downloads are among the types of attacks that are on the rise. To study them, researchers use client honeypots deployed in virtualized environments; however, virtualization is detectable. There is evidence of malware detecting virtualization and hiding its malicious intent to avoid detection and further study. This research aims to identify differences in detection capabilities of honeypots deployed in two different environments, those deployed in virtual machines and those deployed in physical machines. With this objective, these researchers developed a bare-metal honeypot that does not use virtualization. The honeypots deployed in both environments accessed malicious URLs and classified them. Discrepancies in the resulting classification were analyzed. Accomplishments include the identification of an experimental methodology to be scaled for a larger study during the next phase of this research. Keywords- honeypot; virtual machine; cyber-security; malware; malware analysis; virtualization; virtualization
Keywords
Computer security; Digital forensics; Explosives; Information security; Internet; Uniform resource locators; Virtual environment; Virtual machining; Web pages; Web server; cyber-security; honeypot; malware; malware analysis; virtual machine; virtualization; virtualization detection;
fLanguage
English
Publisher
ieee
Conference_Titel
Systematic Approaches to Digital Forensic Engineering (SADFE), 2010 Fifth IEEE International Workshop on
Conference_Location
Oakland, CA, USA
Print_ISBN
978-0-7695-4052-8
Type
conf
DOI
10.1109/SADFE.2010.16
Filename
5491884