
Authors: Shun Yonamine 1 ; Youki Kadobayashi 1 ; Daisuke Miyamoto 2 and Yuzo Taenaka 1

Affiliations: 1 Nara Institute of Science and Technology, 8916-5 Takayama, Ikoma, Nara 630-0192, Japan ; 2 The University of Tokyo, 2-11-16 Yayoi, Bunkyo, Tokyo, 113-8658, Japan

Keyword(s): Malware Characterization, Virtual Machine Introspection, Taint Analysis, Malware Analysis.

Abstract: One of the goals of malware analysis is to figure out the intention of an attacker, namely the high-level mechanism. Since malicious activities are typically performed by combining multiple APIs, identifying the malicious intention requires inspecting the series of APIs to analyze its semantics. In traditional malware analysis, this task generally relies on the manual efforts of experts. There is no methodology for associating multiple APIs and identifying the malicious intention in an automated manner. In this paper, we propose a virtual machine introspection-based method for automatically identifying high-level mechanisms. We developed Spaniel, a prototype system, which uses taint analysis to track malicious processing that derives from the data read from a specified file and collects the traces of malicious activities. For evaluation, we used adversary behavior models defined in ATT&CK, and Spaniel identified key indicators that cover 26% of those models.

CC BY-NC-ND 4.0


Paper citation in several formats:
Yonamine, S.; Kadobayashi, Y.; Miyamoto, D. and Taenaka, Y. (2019). Towards Automated Characterization of Malware’s High-level Mechanism using Virtual Machine Introspection. In Proceedings of the 5th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-359-9; ISSN 2184-4356, SciTePress, pages 471-478. DOI: 10.5220/0007405504710478

@conference{icissp19,
author={Shun Yonamine and Youki Kadobayashi and Daisuke Miyamoto and Yuzo Taenaka},
title={Towards Automated Characterization of Malware’s High-level Mechanism using Virtual Machine Introspection},
booktitle={Proceedings of the 5th International Conference on Information Systems Security and Privacy - ICISSP},
year={2019},
pages={471-478},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007405504710478},
isbn={978-989-758-359-9},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 5th International Conference on Information Systems Security and Privacy - ICISSP
TI - Towards Automated Characterization of Malware’s High-level Mechanism using Virtual Machine Introspection
SN - 978-989-758-359-9
IS - 2184-4356
AU - Yonamine, S.
AU - Kadobayashi, Y.
AU - Miyamoto, D.
AU - Taenaka, Y.
PY - 2019
SP - 471
EP - 478
DO - 10.5220/0007405504710478
PB - SciTePress