Title :
Malware self protection mechanism issues in conducting malware behaviour analysis in a virtual environment as compared to a real environment
Author :
Alsagoff, Syed Nasir
Author_Institution :
Fac. of Sci. & Defence Technol., Nat. Defence Univ. of Malaysia, Malaysia
Abstract :
Malware writers are constantly trying to defeat and hinder malware analysis with malware self protection mechanisms. There are two main methods of malware analysis, which are reverse engineering and behaviour analysis. Reverse engineering consists of static and dynamic code analysis. Behaviour analysis studies the malware's interaction in and out of the infected host. Behaviour analysis will always be a faster method compared to reverse engineering due to its more visual approach. This study will analyse issues related to malware self protection mechanisms in conducting malware behaviour analysis in a virtual environment as compared to a real environment, and suggestion(s) on how to overcome the problem.
Keywords :
invasive software; reverse engineering; behaviour analysis; dynamic code analysis; malware behaviour analysis; malware self protection mechanism; malware writers; static code analysis; virtual environment; Hard disks; Hardware; Image restoration; Malware; Reverse engineering; Software; Virtual environment
Conference_Title :
Information Technology (ITSim), 2010 International Symposium in
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4244-6715-0
DOI :
10.1109/ITSIM.2010.5561600