Research field: Safety
Conference: IC3-2022: Proceedings of the 2022 Fourteenth International Conference on Contemporary Computing
As the pandemic has hit the world, virtualization has become the hot topic of today’s era. Almost every organization has shifted to the virtual environment (especially cloud computing). However, the security concerns in virtualization are the central issue for researchers as well as organizations. Attackers use different tactics to exploit the vulnerabilities present in virtual components. In this paper, we provided a detailed study on the malware families along with their impact on virtualization. In addition, malware log extraction using deep memory introspection has been explored. Various plugins have been explained, along with the variety of features that are essential for malware analysis purposes. A case study has also been provided using the testbed set up in our lab to provide practical insight into deep memory introspection using open source tools such as LibVMI, DRAKVUF, etc., along with their usage to extract different features outside the VM at the hypervisor. We hope that our work will help readers to understand the malware logs and extract important features for malware analysis in a virtual environment.
| Publication year | 2022 |
|---|---|
| Citations | 2 |
| Country of publication | India |
| Site | ACM |