Abstract
We are developing Alkanet, a system call tracer for malware analysis. However, recent malware infects other processes, and some malware consists of two or more modules or plug-ins. Such malware is difficult to trace because traditional methods focus on threads or processes. Identifying the system call invoker by stack tracing is the traditional way to solve this problem; however, if the malware has falsified its stack, this method cannot identify the invoker correctly. In this paper, we describe a method for identifying the system call invoker using branch trace facilities, and we consider the effectiveness of branch trace facilities for malware analysis.
| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | IMECS 2015 - International MultiConference of Engineers and Computer Scientists 2015 |
| Publisher | Newswood Limited |
| Pages | 145-151 |
| Number of pages | 7 |
| Volume | 1 |
| ISBN (Electronic) | 9789881925329 |
| Publication status | Published - 2015 |
| Externally published | Yes |
| Event | International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015 - Tsimshatsui, Kowloon, Hong Kong; Duration: Mar 18 2015 → Mar 20 2015 |
Other
| Field | Value |
|---|---|
| Other | International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015 |
| Country | Hong Kong |
| City | Tsimshatsui, Kowloon |
| Period | 3/18/15 → 3/20/15 |
All Science Journal Classification (ASJC) codes
- Computer Science (miscellaneous)