Presentation | 2012-07-19 Identifying the Code to be Analyzed with Taint Tags Yuhei KAWAKOYA, Makoto IWAMURA, Takeo HARIU |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Executing and analyzing malware in a virtual machine is an approach widely used for understanding the behaviors of malware. In such a case, since there are multiple processes running in a virtual machine, making a correct distinction between target processes and the others is a requirement. Process IDs, the CR3 register, or memory addresses, i.e., OS semantics information, are usually used for making the distinction. In this paper, we propose an approach for identifying the targeted program to be analyzed using taint tags. Our approach makes it possible to correctly identify the code targeted for analysis without depending on the guest OS. To demonstrate the effectiveness of our approach, we have conducted experiments with various versions of Windows and Linux as the guest OS. The results show our approach is capable of correctly identifying the code to be analyzed, even with different OSes. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Malware / Dynamic Analysis / Taint Tag / Virtual Machine / Semantic Gap |
Paper # | ISEC2012-20,SITE2012-16,ICSS2012-22,EMM2012-12 |
Date of Issue |
Conference Information | |
Committee | ISEC |
---|---|
Conference Date | 2012/7/12 (1 day) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Information Security (ISEC) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Identifying the Code to be Analyzed with Taint Tags |
Sub Title (in English) | |
Keyword(1) | Malware |
Keyword(2) | Dynamic Analysis |
Keyword(3) | Taint Tag |
Keyword(4) | Virtual Machine |
Keyword(5) | Semantic Gap |
1st Author's Name | Yuhei KAWAKOYA |
1st Author's Affiliation | NTT Secure Platform Laboratories |
2nd Author's Name | Makoto IWAMURA |
2nd Author's Affiliation | NTT Secure Platform Laboratories |
3rd Author's Name | Takeo HARIU |
3rd Author's Affiliation | NTT Secure Platform Laboratories |
Date | 2012-07-19 |
Paper # | ISEC2012-20,SITE2012-16,ICSS2012-22,EMM2012-12 |
Volume (vol) | vol.112 |
Number (no) | 126 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |