Abstract
We are developing Alkanet, a system call tracer for malware analysis. However, recent malware infects other processes. Others consist of two or more modules or plug-ins. It is difficult to trace these malware because traditional methods focus on threads or processes. Getting the system call invoker by stack tracing is a traditional method to solve this problem. However, if malware has falsified its stack, this method cannot identify it correctly. In this paper, we describe a method for identifying a system call invoker by branch trace facilities. We consider the effectiveness of branch trace facilities for malware analysis.
| Original language | English |
|---|---|
| Title of host publication | IMECS 2015 - International MultiConference of Engineers and Computer Scientists 2015 |
| Publisher | Newswood Limited |
| Pages | 145-151 |
| Number of pages | 7 |
| Volume | 1 |
| ISBN (Electronic) | 9789881925329 |
| Publication status | Published - 2015 |
| Externally published | Yes |
| Event | International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015 - Tsimshatsui, Kowloon, Hong Kong Duration: Mar 18 2015 → Mar 20 2015 |
Other
| Other | International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015 |
|---|---|
| Country | Hong Kong |
| City | Tsimshatsui, Kowloon |
| Period | 3/18/15 → 3/20/15 |
Fingerprint
All Science Journal Classification (ASJC) codes
- Computer Science (miscellaneous)
Cite this
Otsuki, Y., Takimoto, E., Saito, S., Cooper, E. W., & Mouri, K. (2015). Identifying system calls invoked by malware using branch trace facilities. In IMECS 2015 - International MultiConference of Engineers and Computer Scientists 2015 (Vol. 1, pp. 145-151). Newswood Limited.