Mathematical Problems in Engineering
Volume 2013, Article ID 402438, 11 pages
http://dx.doi.org/10.1155/2013/402438
Research Article

Osiris: A Malware Behavior Capturing System Implemented at Virtual Machine Monitor Layer

1 School of Computer Science and Technology, Xidian University, P.O. Box 167, Xi’an, Shaanxi 710071, China
2 College of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing, China

Received 17 January 2013; Accepted 19 March 2013

Academic Editor: Yuping Wang

Copyright © 2013 Ying Cao et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. P. Beaucamps, “Advanced polymorphic techniques,” International Journal of Computer Science, vol. 2, pp. 194–205, 2007. View at Google Scholar
  2. E. Filiol, “Malware pattern scanning schemes secure against black-box analysis,” Journal in Computer Virology, vol. 2, no. 1, pp. 35–50, 2006. View at Publisher · View at Google Scholar · View at Scopus
  3. G. Jacob, H. Debar, and E. Filiol, “Behavioral detection of malware: from a survey towards an established taxonomy,” Journal in Computer Virology, vol. 4, no. 3, pp. 251–266, 2008. View at Publisher · View at Google Scholar · View at Scopus
  4. E. Filiol, G. Jacob, and M. Le Liard, “Evaluation methodology and theoretical model for antiviral behavioural detection strategies,” Journal in Computer Virology, vol. 3, no. 1, pp. 23–37, 2007. View at Publisher · View at Google Scholar · View at Scopus
  5. X. Chen, J. Andersen, Z. Morley Mao, M. Bailey, and J. Nazario, “Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware,” in Proceedings of International Conference on Dependable Systems and Networks (DSN '08), pp. 177–186, June 2008. View at Publisher · View at Google Scholar · View at Scopus
  6. D. Inoue, K. Yoshioka, M. Eto, Y. Hoshizawa, and K. Nakao, “Malware behavior analysis in isolated miniature network for revealing Malware's network activity,” in Proceedings of IEEE International Conference on Communications (ICC '08), pp. 1715–1721, May 2008. View at Publisher · View at Google Scholar · View at Scopus
  7. G. Hunt and D. Brubacher, “Detours: binary interception of Win32 functions,” in Proceedings of the 3rd USENIX Windows NT Symposium, pp. 135–143, USENIX Association, 1999.
  8. M. Egele, T. Scholte, E. Kirda et al., “A survey on automated dynamic malware-analysis techniques and tools,” ACM Computing Surveys, vol. 44, pp. 1–49, 2012. View at Google Scholar
  9. F. Bellard, “QEMU, a fast and portable dynamic translator,” in Proceedings of the USENIX Annual Technical Conference, pp. 41–46, USENIX Associations, 2005.
  10. U. Bayer, C. Kruegel, and E. Kirda, “TTAnalyze: a tool for analyzing malware,” in Proceedings of the 15th Annual Conference on European Institute for Computer Antivirus Research (EICAR '06), Hamburg, Germany, 2006.
  11. G. Willems, T. Holz, and F. Freiling, “Toward automated dynamic malware analysis using CWSandbox,” IEEE Security and Privacy, vol. 5, no. 2, pp. 32–39, 2007. View at Publisher · View at Google Scholar · View at Scopus
  12. “Norman sandbox whitepaper,” 2012, http://www.norman.com/documents/wpsandbox.pdf.
  13. X. Jiang, X. Wang, and D. Xu, “Stealthy malware detection and monitoring through VMM-based "out-of-the-box" semantic view reconstruction,” ACM Transactions on Information and System Security, vol. 13, no. 2, article 12, 2010. View at Publisher · View at Google Scholar · View at Scopus
  14. M. Probst, “Dynamic binary translation,” in Proceedings of UKUUG Linux Developers' Conference, Bristol, UK, 2002.
  15. M. E. Russinovich and D. A. Solomon, Microsoft Windows Internals: Windows Server 2003, O'Reilly Media, Cambridge, Mass, USA, 2009.
  16. Antiy Labs, 2013, http://www.antiy.com/cn/security/report-more.htm.
  17. C. Kolbitsch, P. M. Comparetti, C. Kruegel et al., “Effective and efficient malware detection at the end host,” in Proceedings of the 18th Conference on USENIX Security Symposium (USENIX Security '09), pp. 351–366, USENIX Association, 2009.