
Authors: Shun Yonamine 1; Youki Kadobayashi 1; Daisuke Miyamoto 2 and Yuzo Taenaka 1

Affiliations: 1 Nara Institute of Science and Technology, 8916-5 Takayama, Ikoma, Nara 630-0192, Japan; 2 The University of Tokyo, 2-11-16 Yayoi, Bunkyo, Tokyo, 113-8658, Japan

ISBN: 978-989-758-359-9

Keyword(s): Malware Characterization, Virtual Machine Introspection, Taint Analysis, Malware Analysis.

Abstract: One of the goals of malware analysis is to figure out the intention of an attacker, namely the high-level mechanism. Since malicious activities are typically performed by combining multiple APIs, identifying the malicious intention requires inspecting the series of APIs and analyzing its semantics. In traditional malware analysis, this task generally relies on the manual effort of experts. There is no methodology for associating multiple APIs and identifying the malicious intention in an automated manner. In this paper, we propose a virtual machine introspection-based method for automatically identifying high-level mechanisms. We developed Spaniel, a prototype system, which uses taint analysis to track malicious processing that derives from the data read from a specified file and collects the traces of malicious activities. For evaluation, we used adversary behavior models defined in ATT&CK, and Spaniel identified key indicators that cover 26% of those models.

CC BY-NC-ND 4.0

Paper citation in several formats:
Yonamine, S.; Kadobayashi, Y.; Miyamoto, D. and Taenaka, Y. (2019). Towards Automated Characterization of Malware’s High-level Mechanism using Virtual Machine Introspection. In Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-359-9, pages 471-478. DOI: 10.5220/0007405504710478

@conference{icissp19,
author={Shun Yonamine and Youki Kadobayashi and Daisuke Miyamoto and Yuzo Taenaka},
title={Towards Automated Characterization of Malware’s High-level Mechanism using Virtual Machine Introspection},
booktitle={Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2019},
pages={471-478},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007405504710478},
isbn={978-989-758-359-9},
}

TY - CONF
JO - Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Towards Automated Characterization of Malware’s High-level Mechanism using Virtual Machine Introspection
SN - 978-989-758-359-9
AU - Yonamine, S.
AU - Kadobayashi, Y.
AU - Miyamoto, D.
AU - Taenaka, Y.
PY - 2019
SP - 471
EP - 478
DO - 10.5220/0007405504710478
