Title :
Dynamic malware detection and recording using virtual machine introspection
Author :
More, Ankit ; Tapaswi, S.
Author_Institution :
ABV - Indian Inst. of Inf. Technol. & Manage., Gwalior, India
Abstract :
Detecting and collecting malware samples is considered a milestone in computer security. Recording the entire activity of a Virtual Machine (VM) requires considerable resources and is not the wiser choice either. Our approach combines Virtual Machine Introspection (VMI), file system clustering and malware activity recording. The proposed framework consists of four steps. In the initial step, possible executable code is detected using a clustering algorithm. The next step monitors the processes and information flow of these executables using VMI, and a data and information flow graph is generated for each such process. Malicious graphs among all of these are detected in the next step. The final step comprises recording the malicious graphs and committing the VM. We have implemented a prototype of this framework on a leading hypervisor for Windows OS. Experimental results show that this is a better way to detect and store malicious processes than storing the entire VM. We believe it is a cost-effective, intelligent solution for malware recording.
Keywords :
invasive software; virtual machines; VMI; Windows OS; clustering algorithm; computer security; dynamic malware detection; file system clustering; hypervisor; information flow graph; malicious graphs; malicious processes; malware activity recording; malware recording; malware samples; virtual machine activities; virtual machine introspection; Algorithm design and analysis; Clustering algorithms; Malware; Monitoring; Software; Virtual machine monitors; Virtual machining; Malware recording; Virtual Machine Introspection;
Conference_Title :
Best Practices Meet (BPM), 2013 DSCI
Conference_Location :
Chennai
Print_ISBN :
978-1-4799-0637-6
DOI :
10.1109/BPM.2013.6615011