HEMC: a Dynamic Behaviour Analysis System for Malware Based on Hardware Virtualisation.

INTERNATIONAL JOURNAL OF INFORMATION AND COMPUTER SECURITY(2023)

Univ Chinese Acad Sci | Chinese Acad Sci

Abstract
Since much malware disguises itself through encryption, obfuscation and recompilation, static analysis methods have difficulty recognising new or unknown malware. This paper proposes a dynamic analysis technique based on hardware virtualisation that analyses more malware samples with fewer computational resources. First, it intercepts system-call functions to achieve on-demand behaviour analysis by setting special access permissions on the physical memory holding them; the physical addresses are acquired dynamically when the system-call functions are loaded into memory, and only high-risk functions, which make up a small fraction of all system-call functions, are monitored. Second, it uses copy-on-write and incremental disk images to reduce hard-drive consumption and disk replication time. Finally, it proposes a novel approach to capturing the return values of system-call functions, so that the poisoned results produced by malware samples can be analysed in depth. A prototype system, called HEMC, is implemented on QEMU/KVM. The experiments demonstrate that the proposed methods outperform existing methods in efficiency and performance for dynamic malware analysis.
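The copy-on-write and incremental-image part of the method, as an added example that is not the paper's or HEMC's own code: a POSIX shell script showing how QEMU qcow2 backing files give each sample its own throw-away overlay of one shared base image, so no disk is ever cloned per run. The overlay naming scheme, the qemu command line in analyse_sample and the empty 2 GiB base image are assumptions made for illustration; the script needs qemu-img (and, for analyse_sample only, qemu-system-x86_64 with KVM).

```shell
#!/bin/sh
# Added example, not code from the paper or from HEMC: the copy-on-write
# overlay mechanism of QEMU qcow2 images, which is what makes "incremental
# images" cheap for a sandbox. One golden base image holds the installed
# guest; every sample gets a thin overlay that records only the blocks the
# guest writes during that run. Assumes qemu-img is installed.
set -eu

# Deterministic overlay path for a sample (hypothetical naming scheme).
# $1 = base image path, $2 = sample identifier
overlay_name() {
    printf '%s/%s-%s.qcow2\n' "$(dirname "$1")" "$(basename "$1" .qcow2)" "$2"
}

# Create the golden base image once. A real deployment installs the guest
# OS into it; here it is an empty, sparse 2 GiB image so the script runs offline.
create_base() {
    qemu-img create -f qcow2 "$1" 2G >/dev/null
}

# Create a thin overlay backed by the base and print its path.
# backing_fmt is named explicitly so QEMU never has to probe the backing
# file's format (format probing on an attacker-influenced image is a hazard).
create_overlay() {
    ov=$(overlay_name "$1" "$2")
    qemu-img create -f qcow2 -b "$1" -o backing_fmt=qcow2 "$ov" >/dev/null
    printf '%s\n' "$ov"
}

# Report which file an overlay is backed by, as recorded in its header.
backing_of() {
    qemu-img info --output=json "$1" \
        | sed -n 's/^ *"backing-filename": *"\([^"]*\)".*/\1/p' | head -n 1
}

# Disk space (KiB) the overlay actually occupies; sparse-aware, unlike ls -l.
overlay_disk_usage() {
    du -k "$1" | cut -f1
}

# Boot the guest on the overlay for one sample, then discard the overlay so
# the base stays untouched and the next sample starts from a clean state.
# The qemu command line is illustrative: the monitor socket is where an
# orchestrator would pause, snapshot or quit the guest.
analyse_sample() {
    base=$1; sample=$2; seconds=${3:-120}
    ov=$(create_overlay "$base" "$sample")
    timeout "$seconds" qemu-system-x86_64 -enable-kvm -m 2048 \
        -drive "file=$ov,format=qcow2,if=virtio" \
        -monitor "unix:/tmp/hemc-$sample.sock,server,nowait" \
        -display none || true   # timeout expiry ends the run; that is expected
    rm -f "$ov"                 # blocks written by the sample die with the overlay
}
```

The base image is opened read-only by every guest, so any number of samples can run in parallel against it, and resetting the sandbox is a single rm of a few hundred kilobytes rather than a multi-gigabyte copy. Keep the base itself out of the overlay's reach (a separate read-only mount is the usual choice), since a compromised host-side tool that writes to the base silently taints every later run.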
Key words
malware, dynamic analysis, hardware virtualisation, high-risk functions
Chat Paper

[Key points]: This paper proposes HEMC, a dynamic behaviour analysis system for malware based on hardware virtualisation. It addresses the difficulty static analysis has in recognising new or unknown malware by using hardware virtualisation to perform efficient dynamic analysis with lower computational resource consumption.

[Method]: The system intercepts system-call functions and sets special permissions on them to perform on-demand behaviour analysis, and uses copy-on-write and incremental snapshot capabilities to reduce hard-disk consumption and replication time.

[Experiments]: Results from the HEMC prototype implemented on QEMU/KVM show that the method outperforms existing techniques in the efficiency and performance of dynamic malware analysis.