Towards the automated detection of unknown malware on live systems

Gabor Pek, L. Buttyán

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

In this paper, we propose a new system monitoring framework that can serve as an enabler for automated malware detection on live systems. Our approach takes advantage of the increased availability of hardware assisted virtualization capabilities of modern CPUs, and its basic novelty consists in launching a hypervisor layer on the live system without stopping and restarting it. This hypervisor runs at a higher privilege level than the OS itself, thus, it can be used to observe the behavior of the analyzed system in a transparent manner. For this purpose, we also propose a novel system call tracing method that is designed to be configurable in terms of transparency and granularity.

Original language: English
Title of host publication: 2014 IEEE International Conference on Communications, ICC 2014
Publisher: IEEE Computer Society
Pages: 847-852
Number of pages: 6
ISBN (Print): 9781479920037
DOIs: 10.1109/ICC.2014.6883425
Publication status: Published - 2014
Event: 2014 1st IEEE International Conference on Communications, ICC 2014 - Sydney, NSW, Australia
Duration: Jun 10 2014 to Jun 14 2014

Other

Other: 2014 1st IEEE International Conference on Communications, ICC 2014
Country: Australia
City: Sydney, NSW
Period: 6/10/14 to 6/14/14

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Pek, G., & Buttyán, L. (2014). Towards the automated detection of unknown malware on live systems. In 2014 IEEE International Conference on Communications, ICC 2014 (pp. 847-852). [6883425] IEEE Computer Society. https://doi.org/10.1109/ICC.2014.6883425

@inproceedings{8c2856bfef074e009843d625b58e4e9e,
title = "Towards the automated detection of unknown malware on live systems",
abstract = "In this paper, we propose a new system monitoring framework that can serve as an enabler for automated malware detection on live systems. Our approach takes advantage of the increased availability of hardware assisted virtualization capabilities of modern CPUs, and its basic novelty consists in launching a hypervisor layer on the live system without stopping and restarting it. This hypervisor runs at a higher privilege level than the OS itself, thus, it can be used to observe the behavior of the analyzed system in a transparent manner. For this purpose, we also propose a novel system call tracing method that is designed to be configurable in terms of transparency and granularity.",
author = "Gabor Pek and L. Butty{\'a}n",
year = "2014",
doi = "10.1109/ICC.2014.6883425",
language = "English",
isbn = "9781479920037",
pages = "847--852",
booktitle = "2014 IEEE International Conference on Communications, ICC 2014",
publisher = "IEEE Computer Society",

}

TY - GEN

T1 - Towards the automated detection of unknown malware on live systems

AU - Pek, Gabor

AU - Buttyán, L.

PY - 2014

Y1 - 2014

N2 - In this paper, we propose a new system monitoring framework that can serve as an enabler for automated malware detection on live systems. Our approach takes advantage of the increased availability of hardware assisted virtualization capabilities of modern CPUs, and its basic novelty consists in launching a hypervisor layer on the live system without stopping and restarting it. This hypervisor runs at a higher privilege level than the OS itself, thus, it can be used to observe the behavior of the analyzed system in a transparent manner. For this purpose, we also propose a novel system call tracing method that is designed to be configurable in terms of transparency and granularity.

AB - In this paper, we propose a new system monitoring framework that can serve as an enabler for automated malware detection on live systems. Our approach takes advantage of the increased availability of hardware assisted virtualization capabilities of modern CPUs, and its basic novelty consists in launching a hypervisor layer on the live system without stopping and restarting it. This hypervisor runs at a higher privilege level than the OS itself, thus, it can be used to observe the behavior of the analyzed system in a transparent manner. For this purpose, we also propose a novel system call tracing method that is designed to be configurable in terms of transparency and granularity.

UR - http://www.scopus.com/inward/record.url?scp=84906996495&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84906996495&partnerID=8YFLogxK

U2 - 10.1109/ICC.2014.6883425

DO - 10.1109/ICC.2014.6883425

M3 - Conference contribution

AN - SCOPUS:84906996495

SN - 9781479920037

SP - 847

EP - 852

BT - 2014 IEEE International Conference on Communications, ICC 2014

PB - IEEE Computer Society

ER -