Research on Utilizing Emulab for Malware Analysis
 Title & Authors
Research on Utilizing Emulab for Malware Analysis
Lee, Man-hee; Seok, Woo-jin;
 Abstract
Virtual environments are widely used for analyzing malware, which is increasing very rapidly. However, aware of this trend, hackers are adopting virtual environment detection techniques so that malware kills itself or stops its malicious behavior when it detects a virtual environment. Various research is under way to thwart anti-virtualization techniques, but so far several techniques can evade most well-known virtual environments, making malware analysis very difficult. Emulab, developed by Utah University, assigns real systems and networks as researchers want in real time. This research seeks how to use Emulab for malware analysis.
 Keywords
Cyber security; Emulab; Virtualization; Malware analysis
 Language
Korean