Identifying system calls invoked by malware using branch trace facilities

Yuto Otsuki, Eiji Takimoto, Shoichi Saito, Eric W. Cooper, Koichi Mouri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

We are developing Alkanet, a system call tracer for malware analysis. However, recent malware often injects itself into other processes, or consists of two or more modules or plug-ins. Such malware is difficult to trace because traditional methods attribute system calls to threads or processes. Identifying the system call invoker by stack tracing is the traditional way to solve this problem; however, if the malware has falsified its stack, stack tracing cannot identify the invoker correctly. In this paper, we describe a method for identifying the system call invoker using the processor's branch trace facilities, and we consider the effectiveness of branch trace facilities for malware analysis.
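To make the failure mode concrete, the following is an added, self-contained model of the two attribution strategies the abstract contrasts; it is not code from the paper or from Alkanet. The module layout, all addresses, the forged stack and the branch-trace record format (BTS-style source/destination pairs ending at the transition into the kernel) are constructed assumptions. A stack walk trusts the saved return addresses and is fooled when the malware overwrites them with addresses inside the victim executable; a walk back over the recorded taken branches consults only control transfers that actually executed, so it still names the injected module.

```python
"""Model of system-call invoker attribution: stack walk vs. branch trace.

Constructed example. Module layout, addresses, the forged stack and the
trace record format are assumptions, not the paper's data or Alkanet's code.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Hypothetical 32-bit address-space layout of an infected victim process.
MODULES = [
    Module("victim.exe",   0x00400000, 0x00100000),
    Module("injected.dll", 0x10000000, 0x00010000),  # malware code injected into victim.exe
    Module("ntdll.dll",    0x7C900000, 0x000B0000),
]
SYSTEM_MODULES = {"ntdll.dll"}

# Hypothetical addresses: an Nt* stub in ntdll, the shared fast-syscall routine
# it calls, the sysenter instruction inside that routine, and the kernel entry.
STUB_ENTRY = 0x7C90D000
FAST_SYSCALL = 0x7C90E4F0
SYSCALL_INSN = 0x7C90E4F2
KERNEL_ENTRY = 0x80540000

# (source, destination) of each taken branch, oldest first, as a BTS-style
# trace would record them; the last record is the transition into the kernel.
BranchRecord = Tuple[int, int]
TRACE: List[BranchRecord] = [
    (0x10001010, 0x10001200),   # injected.dll: call to its own helper
    (0x10001240, STUB_ENTRY),   # injected.dll: call ntdll!Nt* stub
    (0x7C90D00A, FAST_SYSCALL), # stub: call shared fast-syscall routine
    (SYSCALL_INSN, KERNEL_ENTRY),  # sysenter: enter the kernel
]

# Saved return addresses, innermost frame first, as a stack walk would read
# them at the moment of the system call.
HONEST_STACK = [0x7C90D00F, 0x10001245, 0x10001015]
# Same call chain, but the malware overwrote its own return addresses with
# addresses inside victim.exe before invoking the stub (it keeps the real
# ones elsewhere and restores them afterwards). Constructed assumption.
FORGED_STACK = [0x7C90D00F, 0x00401245, 0x00401015]


def module_of(addr: int) -> Optional[str]:
    """Name of the module containing addr, or None for unmapped/kernel addresses."""
    for m in MODULES:
        if m.contains(addr):
            return m.name
    return None


def invoker_by_stack(return_addresses: List[int]) -> str:
    """Traditional attribution: walk the saved return addresses outward and
    report the first frame outside a system module. Trusts the stack contents."""
    for ra in return_addresses:
        name = module_of(ra)
        if name is not None and name not in SYSTEM_MODULES:
            return name
    return "unknown"


def invoker_by_branch_trace(trace: List[BranchRecord]) -> str:
    """Branch-trace attribution: walk the recorded taken branches backwards
    from the kernel transition; the source of the first record outside a
    system module is the code that actually transferred control toward the
    system call. Stack writes cannot change what the processor recorded."""
    for src, _dst in reversed(trace):
        name = module_of(src)
        if name is not None and name not in SYSTEM_MODULES:
            return name
    return "unknown"


if __name__ == "__main__":
    print("stack walk, honest stack :", invoker_by_stack(HONEST_STACK))
    print("stack walk, forged stack :", invoker_by_stack(FORGED_STACK))
    print("branch trace             :", invoker_by_branch_trace(TRACE))
```

The same backward walk also attributes a system call correctly when malware bypasses ntdll entirely and executes sysenter from its own code: the source of the kernel transition is then already outside a system module, so the first record examined names the malware. Real branch-trace facilities impose their own costs (trace buffer overflow handling, per-branch overhead, kernel-mode records that must be filtered) that this model omits.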

Original language: English
Title of host publication: IMECS 2015 - International MultiConference of Engineers and Computer Scientists 2015
Publisher: Newswood Limited
Pages: 145-151
Number of pages: 7
Volume: 1
ISBN (electronic): 9789881925329
Publication status: Published - 2015
Externally published: Yes
Event: International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015 - Tsimshatsui, Kowloon, Hong Kong
Duration: 18 March 2015 to 20 March 2015


All Science Journal Classification (ASJC) codes

  • Computer Science (miscellaneous)

Cite this

Otsuki, Y., Takimoto, E., Saito, S., Cooper, E. W., & Mouri, K. (2015). Identifying system calls invoked by malware using branch trace facilities. In IMECS 2015 - International MultiConference of Engineers and Computer Scientists 2015 (Vol. 1, pp. 145-151). Newswood Limited.