Title :
A new mechanism for preventing HVM-Aware Malware
Author :
Li, Heshuai ; Zhu, Junhu ; Zhou, Tianyang ; Wang, Qingxian
Author_Institution :
Nat. Digital Switching Syst. Eng. & Technol. Res. Center (NDSC), Zhengzhou, China
Abstract :
Hardware-based Virtual Machine (HVM), for its high efficiency and good simulation, has played an important role in the course of building honeypots and debuggers. But some malware, called HVM-Aware Malware, can identify the virtualized environment in which it is running and then stop itself to avoid being analysed. One of the most efficient HVM-Aware technologies is called "Counter-Based Detection". It's a very risky challenge to HVM-based honeypots and debuggers. In this paper, a new mechanism based on operation interception and return value distortion is presented to solve this problem; it can prevent HVM from being identified so that it can protect honeypots and debuggers very well. Finally, some experiments demonstrate the effectiveness and practicality of the mechanism.
Keywords :
invasive software; virtual machines; HVM-aware malware prevention; HVM-based debuggers; HVM-based honeypots; counter-based detection; hardware-based virtual machine; operation interception; return value distortion; Hardware; Security; Workstations; Counter-Based Detection; Hardware Virtualization; Operation Interception;
Conference_Title :
Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on
Conference_Location :
Xi'an
Print_ISBN :
978-1-61284-485-5
DOI :
10.1109/ICCSN.2011.6014696