Identifying system calls invoked by malware using branch trace facilities

Yuto Otsuki, Eiji Takimoto, Shoichi Saito, Eric W. Cooper, Koichi Mouri

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

1 Citation (Scopus)

Abstract

We are developing Alkanet, a system call tracer for malware analysis. However, recent malware often infects other processes, and some malware consists of two or more modules or plug-ins. Such malware is difficult to trace because traditional methods focus on threads or processes. Identifying the system call invoker by stack tracing is the traditional way to solve this problem, but if the malware has falsified its stack, this method cannot identify the invoker correctly. In this paper, we describe a method for identifying a system call invoker using branch trace facilities, and we consider the effectiveness of branch trace facilities for malware analysis.

Original language: English
Title of host publication: IMECS 2015 - International MultiConference of Engineers and Computer Scientists 2015
Publisher: Newswood Limited
Pages: 145-151
Number of pages: 7
Volume: 1
ISBN (Electronic): 9789881925329
Publication status: Published - 2015
Externally published: Yes
Event: International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015 - Tsimshatsui, Kowloon, Hong Kong
Duration: Mar 18 2015 - Mar 20 2015

Other

Other: International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015
Country: Hong Kong
City: Tsimshatsui, Kowloon
Period: 3/18/15 - 3/20/15

All Science Journal Classification (ASJC) codes

  • Computer Science (miscellaneous)

Cite this

Otsuki, Y., Takimoto, E., Saito, S., Cooper, E. W., & Mouri, K. (2015). Identifying system calls invoked by malware using branch trace facilities. In IMECS 2015 - International MultiConference of Engineers and Computer Scientists 2015 (Vol. 1, pp. 145-151). Newswood Limited.