Research area: Strategies
Conference: 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS)
To detect malware, one of the most severe security threats, malware behavior analysis has become one of the hottest research topics. Generally speaking, static analysis and dynamic analysis are the two widely used methods. However, static analysis performs poorly, since threat signatures are often hidden deeply by the malware. On the other hand, dynamic analysis, which demands high computational resources, is limited by the available physical resources, especially when facing a large number of malware samples. In this paper, we propose a novel dynamic analysis technology based on hardware virtualization to mitigate those problems. First, we present a technique that reduces resource consumption by monitoring only the high-risk kernel-mode and user-mode functions, which make up a small part of all functions. In addition, we propose a method to monitor the return values of those high-risk functions in order to analyze in depth the poisoned results produced by the malware samples. Finally, a prototype system called HEMC is implemented on QEMU/KVM. The experimental results show that our dynamic analysis technology performs well on malware analysis, providing integrated behavior from attack action to attack result.
| Publication year | 2020 |
|---|---|
| Citations | 1 |
| Publishing countries | Andorra, China |
| Site | IEEE |
| Likes | 0 |