2022
DOI: 10.1002/spy2.253

Automated Windows behavioral tracing for malware analysis

Abstract: In malware analysis there are two problem scenarios: detection and prevention. In prevention, analysts try to quarantine the file before it is executed on a real system. The file is then analyzed in a sandbox to observe its behavior. Our work shows that our agent captures the events needed for such analysis and, after integration with the sandbox, produces robust and efficient models. ETW (Event Tracing for Windows) is a built-in Windows facility with kernel-level access. We develop an agent using ETW in C++ and document its usage in detail. We …
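The abstract describes an ETW-based agent that records a sample's behavior while it runs in a sandbox. The script below is an added illustration of that workflow and is not the paper's C++ agent: it opens an ETW session for the Microsoft-Windows-Kernel-Process provider with logman, runs the sample, stops the session, and then reads the trace back and keeps only the events attributable to the sample's process tree, which is the attribution step a sandbox needs before it can build per-sample behavior models. The session name, trace path and sample path are hypothetical placeholders; the provider GUID, the keyword values (0x10 process, 0x40 image load) and the event IDs and field names used (1 = ProcessStart with ProcessID/ParentProcessID/ImageName, 5 = ImageLoad with ProcessID/ImageName) are those of the provider's public manifest. It goes slightly beyond the abstract by showing the parent-child attribution logic, not just the capture.

```powershell
#Requires -RunAsAdministrator
# Added example, not the paper's agent. Placeholder values (assumptions):
$SessionName = 'SandboxTrace'
$TracePath   = 'C:\traces\run.etl'
$SamplePath  = 'C:\samples\sample.exe'

# Microsoft-Windows-Kernel-Process. Keywords: 0x10 = process start/stop, 0x40 = image load.
$KernelProcess = '{22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716}'

# 1. Start the trace session. -ets talks to the ETW controller directly, so the
#    session is active as soon as the command returns (no data collector set is created).
logman create trace $SessionName -p $KernelProcess 0x50 0xff -o $TracePath -ets | Out-Null
if ($LASTEXITCODE -ne 0) { throw "logman could not create session $SessionName" }

# 2. Run the sample while the session is already recording, so even its first
#    child process and first image load are captured.
$proc = Start-Process -FilePath $SamplePath -PassThru
Start-Sleep -Seconds 60   # observation window; a sandbox would drive this
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue

# 3. Stop the session; the .etl file is only finalized on stop.
logman stop $SessionName -ets | Out-Null

# 4. Read the trace back and attribute events to the sample's process tree.
function Get-EventField {
    # Pull a named EventData field from the event's XML rendering, so we do not
    # depend on the positional order of Properties, which differs between event versions.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# Seed the tree with the pid returned by Start-Process; descendants are added as
# ProcessStart events arrive. Note: pids can be reused within a run; the provider's
# ProcessSequenceNumber field is the collision-free key if that matters for your window.
$tracked = [System.Collections.Generic.HashSet[int]]::new()
[void]$tracked.Add($proc.Id)

$events = Get-WinEvent -Path $TracePath -Oldest |
    Where-Object { $_.ProviderName -eq 'Microsoft-Windows-Kernel-Process' }

foreach ($e in $events) {
    switch ($e.Id) {
        1 { # ProcessStart: ProcessID is the new process, ParentProcessID its creator.
            $newPid    = [int](Get-EventField $e 'ProcessID')
            $parentPid = [int](Get-EventField $e 'ParentProcessID')
            if ($tracked.Contains($parentPid)) {
                [void]$tracked.Add($newPid)
                [pscustomobject]@{
                    Time = $e.TimeCreated; Type = 'ProcessStart'
                    Pid = $newPid; Parent = $parentPid
                    Image = (Get-EventField $e 'ImageName')
                }
            }
        }
        5 { # ImageLoad: ProcessID is the process mapping the image (DLL or EXE).
            $loaderPid = [int](Get-EventField $e 'ProcessID')
            if ($tracked.Contains($loaderPid)) {
                [pscustomobject]@{
                    Time = $e.TimeCreated; Type = 'ImageLoad'
                    Pid = $loaderPid; Parent = $null
                    Image = (Get-EventField $e 'ImageName')
                }
            }
        }
    }
}
```

The script records to a file and parses afterwards, which is the simplest way to show the pipeline; the agent described in the abstract consumes the session in real time from C++ (OpenTrace/ProcessTrace with an EventRecordCallback), which is what lets a sandbox stream events into its models while the sample is still running. Either way the session must be started before the sample is launched, and the trace must be read from a host the sample cannot tamper with, since a sample running with sufficient privilege can stop or flush an ETW session it can see.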

Cited by 4 publications
References 10 publications