Title: | Fast Discovery of VM-Sensitive Divergence Points with Basic Block Comparison |
Authors: | Liu, Yen-Ju; Chen, Chong-Kuan; Cho, Michael Cheng Yi; Shich, Shiuhpyng; Department of Computer Science |
Keywords: | Malware Behavior Analysis; VM-Aware Malware; Virtual Machine |
Issue Date: | 1-Jan-2014 |
Abstract: | To evade VM-based malware analysis systems, VM-aware malware equipped with the ability to detect the presence of a virtual machine has appeared. To cope with the problem, detecting VM-aware malware and locating its VM-sensitive divergence points are urgently needed. In this paper, we propose a novel block-based divergence locator. In contrast to the conventional instruction-based schemes, the block-based divergence locator divides a malware program into basic blocks, instead of binary instructions, and uses them as the analysis unit. The block-based divergence locator significantly decreases the cost of behavior logging and trace comparison, as well as the size of behavior traces. As the evaluation showed, behavior logging is 23.87-39.49 times faster than the conventional schemes. The total number of analysis units, which is highly related to the cost of trace comparisons, is 11.95%-16.00% of the conventional schemes. Consequently, VM-sensitive divergence points can be discovered more efficiently. The correctness of our divergence point discovery algorithm is also proved formally in this paper. |
URI: | http://dx.doi.org/10.1109/SERE.2014.33 http://hdl.handle.net/11536/128598 |
ISBN: | 978-1-4799-4296-1 |
ISSN: | 2378-3877 |
DOI: | 10.1109/SERE.2014.33 |
Journal: | 2014 EIGHTH INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY |
Start Page: | 196 |
End Page: | 205 |
Appears in Collections: | Conferences Paper |