Presentation | 2011-07-26 A visualization method of Windows OS malware using SOM Ruo ANDO, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract (in English) | As commodity OSes have acquired compound functions and utilities, malware behavior has become complicated. In security incident analysis, we need to identify the malware without detailed information about its structure and parameters. SOM (self-organizing map) is an unsupervised algorithm and makes it possible to analyze malware without expensive preprocessing. In this paper we propose an inter-domain communication protocol for the Xen virtual machine that invokes the emit instruction. DomainU can convey information to the hypervisor using the virtual CPU context at an arbitrary point of the Windows kernel by generating a hypercall. In the experiment, a security incident log of a virtualized Windows OS is transferred to the hypervisor, where the log is visualized by a self-organizing map. We show the results of classifying both dynamic and static logs of malware. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Self organization map / analyzing malware / virtualization / static log / behavior log |
Paper # | NC2011-40 |
Date of Issue | |
Conference Information | |
---|---|
Committee | NC |
Conference Date | 2011/7/18(1days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant | |
Paper Information | |
---|---|
Registration To | Neurocomputing (NC) |
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | A visualization method of Windows OS malware using SOM |
Sub Title (in English) | |
Keyword(1) | Self organization map |
Keyword(2) | analyzing malware |
Keyword(3) | virtualization |
Keyword(4) | static log |
Keyword(5) | behavior log |
1st Author's Name | Ruo ANDO |
1st Author's Affiliation | National Institute of Information and Communications Technology, Information Security Research Center |
Date | 2011-07-26 |
Paper # | NC2011-40 |
Volume (vol) | vol.111 |
Number (no) | 157 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue | |