Paper Abstract and Keywords |
Presentation |
2011-07-26 14:05
A visualization method of Windows OS malware using SOM Ruo Ando (NICT) NC2011-40 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
As commodity OSes have acquired compound functions and utilities, malware behavior has become complicated. In security incident analysis, we need to identify malware without detailed information about its structure and parameters. SOM (self-organizing map) is an unsupervised algorithm and makes it possible to analyze malware without expensive preprocessing. In this paper we propose an interdomain communication protocol for the Xen virtual machine by invoking an emit instruction. DomainU can convey information to the hypervisor using the virtual CPU context at an arbitrary point in the Windows kernel by generating a hypercall. In the experiment, a security incident log of a virtualized Windows OS is transferred to the hypervisor, where the log is visualized by a self-organizing map. We show the result of classifying both dynamic and static logs of malware. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
SOM / malware / virtualization / static log / behavior log |
Reference Info. |
IEICE Tech. Rep., vol. 111, no. 157, NC2011-40, pp. 109-114, July 2011. |
Paper # |
NC2011-40 |
Date of Issue |
2011-07-18 (NC) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
NC2011-40 |
Conference Information |
Committee |
NC |
Conference Date |
2011-07-25 - 2011-07-26 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Graduate School of Engineering, Kobe University |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Intelligent systems and general |
Paper Information |
Registration To |
NC |
Conference Code |
2011-07-NC |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
A visualization method of Windows OS malware using SOM |
Keyword(1) |
SOM |
Keyword(2) |
malware |
Keyword(3) |
virtualization |
Keyword(4) |
static log |
Keyword(5) |
behavior log |
1st Author's Name |
Ruo Ando |
1st Author's Affiliation |
National Institute of Information and Communication Technology (NICT) |
Speaker |
Author-1 |
Date Time |
2011-07-26 14:05:00 |
Presentation Time |
25 minutes |
Registration for |
NC |
Paper # |
NC2011-40 |
Volume (vol) |
vol.111 |
Number (no) |
no.157 |
Page |
pp.109-114 |
#Pages |
6 |
Date of Issue |
2011-07-18 (NC) |
|