Hypervisor-assisted dynamic malware analysis

Roee S. Leon; Michael Kiperberg; Anat Anatey Leon Zabag; Nezer Jacob Zaidenberg

doi:10.1186/s42400-021-00083-9

Cybersecurity (Jun 2021)

Hypervisor-assisted dynamic malware analysis

Roee S. Leon,
Michael Kiperberg,
Anat Anatey Leon Zabag,
Nezer Jacob Zaidenberg

Affiliations

Roee S. Leon: Shenkar College
Michael Kiperberg: Department of Software Engineering, Shamoon College of Engineering
Anat Anatey Leon Zabag: Department of Software Engineering, Shamoon College of Engineering
Nezer Jacob Zaidenberg: College of Management Academic Studies

DOI: https://doi.org/10.1186/s42400-021-00083-9
Journal volume & issue: Vol. 4, no. 1
pp. 1 – 14

Abstract

Read online

Abstract Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

Published in Cybersecurity

ISSN: 2523-3246 (Online)
Publisher: SpringerOpen
Country of publisher: Singapore
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Electronics: Computer engineering. Computer hardware; Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: https://cybersecurity.springeropen.com/

About the journal