Title :
MBMAS: A System for Malware Behavior Monitor and Analysis
Author :
Zhang FuYong ; Qi Deyu ; Hu JingLin
Author_Institution :
Res. Inst. of Comput. Syst., South China Univ. of Technol., Guangzhou, China
Abstract :
In this paper, we present MBMAS, a system for malware behavior monitoring and analysis. MBMAS executes a malware sample in a controlled environment, monitors the system state in five aspects (process, file system, registry, port and network), and automatically generates a detailed report. MBMAS provides a filter mechanism that monitors only the behavior of processes created by the malware, so that we capture only the information we need without losing any important information. MBMAS also provides an automatic analysis function that analyzes the malware's behavior from the captured information and outputs a short report that includes only file creation, file deletion, registry changes and opened ports. This report can be used directly by anti-virus software, and also by ordinary users to eliminate the malware and recover the operating system.
Keywords :
information filtering; invasive software; MBMAS system; antivirus software; automatic analysis function; file system; filter mechanism; malware behavior monitor system; operating system; Automatic generation control; Computer worms; Computerized monitoring; Control systems; File systems; Filters; Information analysis; Kernel; Operating systems; Virtual machining;
Conference_Titel :
Computer Network and Multimedia Technology, 2009. CNMT 2009. International Symposium on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-5272-9
DOI :
10.1109/CNMT.2009.5374613