Title: Fast Discovery of VM-Sensitive Divergence Points with Basic Block Comparison
Authors: Liu, Yen-Ju
Chen, Chong-Kuan
Cho, Michael Cheng Yi
Shich, Shiuhpyng
Department of Computer Science
Keywords: Malware Behavior Analysis; VM-Aware Malware; Virtual Machine
Issue Date: 1-Jan-2014
Abstract: To evade VM-based malware analysis systems, VM-aware malware equipped with the ability to detect the presence of a virtual machine has appeared. To cope with the problem, detecting VM-aware malware and locating its VM-sensitive divergence points are urgently needed. In this paper, we propose a novel block-based divergence locator. In contrast to conventional instruction-based schemes, the block-based divergence locator divides a malware program into basic blocks, instead of binary instructions, and uses them as the analysis unit. The block-based divergence locator significantly decreases the cost of behavior logging and trace comparison, as well as the size of behavior traces. As the evaluation showed, behavior logging is 23.87-39.49 times faster than with the conventional schemes. The total number of analysis units, which is highly related to the cost of trace comparisons, is 11.95%-16.00% of that of the conventional schemes. Consequently, VM-sensitive divergence points can be discovered more efficiently. The correctness of our divergence point discovery algorithm is also proved formally in this paper.
URI: http://dx.doi.org/10.1109/SERE.2014.33
http://hdl.handle.net/11536/128598
ISBN: 978-1-4799-4296-1
ISSN: 2378-3877
DOI: 10.1109/SERE.2014.33
Journal: 2014 EIGHTH INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY
Start page: 196
End page: 205
Appears in Collections: Conferences Paper