DocumentCode :
2926307
Title :
Malware analysis system using process-level virtualization
Author :
Adachi, Yu. ; Oyama, Yoshihiro
Author_Institution :
Univ. of Electro-Commun., Chofu, Japan
fYear :
2009
fDate :
5-8 July 2009
Firstpage :
550
Lastpage :
556
Abstract :
We have developed a malware analysis system based on process-level virtualization. Our BitSaucer system can dynamically generate a number of virtual execution environments as honeypots on one machine. It confines malware by creating a virtual file tree in a virtual execution environment and by redirecting outgoing network communication to another virtual execution environment on the same machine. BitSaucer has minimal resource consumption and runtime overhead. Even when 1000 virtual execution environments were hosted on one machine, the applications running in the environments worked as well as they normally do. We deployed a honeypot on the Internet and collected information related to actual attacks. Experimental results showed that BitSaucer had better performance on the ApacheBench benchmark than a naive honeypot system based on a virtual machine monitor.
Keywords :
Internet; invasive software; BitSaucer system; malware analysis system; process-level virtualization; virtual file tree; Runtime; Virtual machine monitors
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computers and Communications, 2009. ISCC 2009. IEEE Symposium on
Conference_Location :
Sousse
ISSN :
1530-1346
Print_ISBN :
978-1-4244-4672-8
Electronic_ISBN :
1530-1346
Type :
conf
DOI :
10.1109/ISCC.2009.5202313
Filename :
5202313