Abstract

Efficient detection of stealthy malware attacks in suspicious files is very challenging as dynamic malware analysis is time consuming. This paper proposes a virtual time control mechanics-based method to overcome the challenge. The proposed method utilizes a modified Xen hypervisor, in which a virtual clock source is generated according to a predefined speed ratio, such that sandbox systems running on the modified hypervisor can be accelerated. Thus, it does not modify operating system kernels nor intercept system function calls, and is therefore compatible with various operating systems. Further, it utilizes an entropy-based measure that adjusts its execution time according to various malware inputs as an early termination criterion. The results of experiments conducted to verify the efficacy of the proposed method indicate that it speeds up the system timer and significantly increases the logged record size by up to 42% or obtains the same log size within a shorter period compared with conventional sandboxes. Thus, the proposed virtual time control mechanics-based method efficiently detects nontrivial anomalous codes that may be neglected by conventional sandboxing techniques.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Dynamic Malware Analysis in the Modern Era—A State of the Art Survey
Ori Or-Meir ... Yuval Elovici
ACM Computing Surveys | VOL. 52
Ori Or-Meir, et. al.Ori Or-Meir ... Yuval Elovici
13 Sep 2019
Static and Dynamic Malware Analysis Using Machine Learning
Muhammad Ijaz ... Maliha Ismail
-
Muhammad Ijaz, et. al.Muhammad Ijaz ... Maliha Ismail
01 Jan 2019
Gerência de Identidades Federadas em Nuvens: Enfoque na Utilização de Soluções Abertas
Guilherme Feliciano ... Lucio Agostinho
-
Guilherme Feliciano, et. al.Guilherme Feliciano ... Lucio Agostinho
06 Nov 2011
Aprendizagem de Máquina para Segurança em Redes de Computadores: Métodos e Aplicações
Márcia Henke ... Clayton Santos
-
Márcia Henke, et. al.Márcia Henke ... Clayton Santos
06 Nov 2011
View more papers

More From: Computers & Security

Paper Title
Journal
Date
Author
Covert timing channel detection based on isolated binary trees
Yuwei Lin ... Xiaolong Zhuang
Computers & Security | VOL. -
Yuwei Lin, et. al.Yuwei Lin ... Xiaolong Zhuang
01 Nov 2024
Navigating Challenging Terrain Surrounding DoD Response to Homeland Attacks on Critical Infrastructure: Case Studies of Prior Incidents Utilizing an Extended Taxonomy of Cyber Harms
Louis Nolan ... Deanna House
Computers & Security | VOL. -
Louis Nolan, et. al.Louis Nolan ... Deanna House
01 Nov 2024
RanSMAP: Open dataset of Ransomware Storage and Memory Access Patterns for creating deep learning based ransomware detectors
Manabu Hirano ... Ryotaro Kobayashi
Computers & Security | VOL. -
Manabu Hirano, et. al.Manabu Hirano ... Ryotaro Kobayashi
01 Nov 2024
A Hybrid Ranking Algorithm for Secure and Efficient Iris Template Protection
Ali Hameed Y Mohammed ... Fiza Abdul Rahim
Computers & Security | VOL. -
Ali Hameed Y Mohammed, et. al.Ali Hameed Y Mohammed ... Fiza Abdul Rahim
01 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.