Malicious code has become one of the biggest threats in the field of computer security. Traditional malware monitoring tools are installed in the physical host and rely on the integrity of that host; they are therefore vulnerable to being infected by the malware themselves and to delivering erroneous monitoring results. In this paper, a method based on the Virtual Machine Introspection technique is proposed to obtain the memory image of a Virtual Machine from outside, with the help of the VirtualBox API, to analyze its internal content (running processes, threads, network connections, and open files) with the Volatility Framework, which interprets the low-level bytes into high-level information, and finally to report this information in a monitoring register. This approach has been tested by executing 3 samples of malware inside a 32-bit Microsoft Windows XP SP3 Virtual Machine, and the results obtained support the main hypothesis: if the Virtual Machine Introspection technique is applied to a Virtual Machine, then it is possible to obtain the activities of a process and, according to its behavior, identify malware.
Armagedroid, a software tool for static analysis of Android APKs, arises with the objective of assisting the decision making of the analyst, who must evaluate, from the metadata obtained by the program, whether a package is reliable or a possible malware application; it automates the procedures involved in this type of analysis. The phases of the Armagedroid analysis consider the APK structure, its contents, and its manifest file, from which the package name, permissions and activities of the archive are extracted using action modules. The result obtained with the tool is the information gathered by each module when applied to a benign APK and to one with malware; once compared, they show that the malicious package requests more permissions than the trusted APK while having just one activity. The contributions of Armagedroid in comparison with other static analysis programs are: validating that the file loaded in memory is really an APK, checking its size, obtaining its content, and generating the analysis report of the APK, which consists of the metadata obtained from it: the name, the size in bytes, the integrity checksums (MD5, SHA1 and SHA256), the APK content, information on the files it contains, the name of the package, and the list of activities and permissions of the APK, in order to make the results known to the user.
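The first Armagedroid phases described above (verify that the loaded file is really an APK, check its size, fingerprint it with MD5/SHA1/SHA256 and list its contents) can be reproduced with a short Python script. This is an added example, not Armagedroid's own code; the sample APK is a constructed in-memory zip rather than a real Android package (its manifest is plain text, whereas real APKs carry binary XML), and the required entry names and size limit are assumptions.

```python
"""Minimal static APK triage: container validation, size check, checksums
and content listing. The sample package below is constructed, not a real APK."""
import hashlib
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"            # local file header signature of a zip/APK
REQUIRED_ENTRIES = {"AndroidManifest.xml", "classes.dex"}   # assumed minimum
MAX_SIZE = 100 * 1024 * 1024         # assumed upper bound for a plausible APK


def analyze_apk(name: str, data: bytes) -> dict:
    """Return a report dict for an APK, or raise ValueError if it is not one."""
    if not data.startswith(ZIP_MAGIC):
        raise ValueError(f"{name}: not a zip/APK container (bad magic)")
    if len(data) == 0 or len(data) > MAX_SIZE:
        raise ValueError(f"{name}: implausible size {len(data)} bytes")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ValueError(f"{name}: corrupt zip ({exc})")
    # entry name -> uncompressed size, the "information of the files it contains"
    entries = {info.filename: info.file_size for info in zf.infolist()}
    missing = REQUIRED_ENTRIES - entries.keys()
    if missing:
        raise ValueError(f"{name}: not an APK, missing {sorted(missing)}")
    return {
        "name": name,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "files": entries,
    }


def build_sample_apk(with_dex: bool = True) -> bytes:
    """Constructed stand-in for an APK: a zip with the expected entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")  # real APKs use binary XML
        if with_dex:
            zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(analyze_apk("sample.apk", build_sample_apk()))
```

A file that is not a zip, or a zip lacking the manifest or dex entry, is rejected before any checksum is reported, which is the validation step the abstract lists as a contribution.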