Identifying system calls invoked by malware using branch trace facilities

Yuto Otsuki, Eiji Takimoto, Shoichi Saito, Eric W. Cooper, Koichi Mouri

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

1 Citation (Scopus)

Abstract

We are developing Alkanet, a system call tracer for malware analysis. However, recent malware infects other processes, and other malware consists of two or more modules or plug-ins. Such malware is difficult to trace because traditional methods focus on threads or processes. Identifying the system call invoker by stack tracing is the traditional way to solve this problem. However, if malware has falsified its stack, this method cannot identify the invoker correctly. In this paper, we describe a method for identifying a system call invoker using branch trace facilities. We also consider the effectiveness of branch trace facilities for malware analysis.

Original language: English
Title of host publication: IMECS 2015 - International MultiConference of Engineers and Computer Scientists 2015
Publisher: Newswood Limited
Pages: 145-151
Number of pages: 7
1
ISBN (Electronic): 9789881925329
Publication status: Published - 2015
Externally published: Yes
Event: International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015 - Tsimshatsui, Kowloon, Hong Kong
Duration: 18 March 2015 to 20 March 2015

Other

Other: International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015
Country/Territory: Hong Kong
City: Tsimshatsui, Kowloon
Period: 3/18/15 to 3/20/15

All Science Journal Classification (ASJC) codes

  • Computer Science (miscellaneous)
