2021
DOI: 10.1186/s42400-021-00083-9
Hypervisor-assisted dynamic malware analysis

Abstract: Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a…

Cited by 11 publications (19 citation statements)
References 42 publications
“…From Figure 2, performances were compared in terms of average attack detection time for distinct numbers of connections (i.e., count) ranging from 15 to 150. The results obtained show that the attack detection time of the proposed method FEB-PVL is better and rises more steadily than the other methods, [21], [22]. Moreover, it can also be inferred from Figure 2 that the proposed FEB-PVL method consumes less time to detect both the content and behavior types of attacks.…”
Section: Performance Analysis Of Attack Detection Time
confidence: 74%
“…Table 2 shows the results of attack detection time using three methods, FEB-PVL, hypervisor content-based malware detection [21], and behavior-based malware detection [22] respectively. From the results, it is evident that FEB-PVL consumes comparatively minimum attack detection time than hypervisor content-based malware detection [21] and behavior-based malware detection [22]. For a detailed comparison of the methods, the indicator line chart is shown in Figure 2.…”
Section: Performance Analysis Of Attack Detection Time
confidence: 99%
“…They also presented a forensic technique to monitor memory modifications by controlling page-grained permissions using EPT violations. Many state-of-the-art papers, including Sharmeen et al. [1] and Leon et al. [18], have employed process-level dynamic features. While these papers [1], [16]-[18] show a malware analysis method using process-level information, this paper presented a ransomware detection method using only low-level memory access patterns.…”
Section: Discussion
confidence: 99%
“…Many state-of-the-art papers, including Sharmeen et al. [1] and Leon et al. [18], have employed process-level dynamic features. While these papers [1], [16]-[18] show a malware analysis method using process-level information, this paper presented a ransomware detection method using only low-level memory access patterns. Our approach is also different from other hypervisors that mainly focus on dumping memory contents [19], [20].…”
Section: Discussion
confidence: 99%