Automatic Discovery of Parasitic Malware

9 years 26 days ago
Automatic Discovery of Parasitic Malware
Malicious software includes functionality designed to block discovery or analysis by defensive utilities. To prevent correct attribution of undesirable behaviors to the malware, it often subverts the normal execution of benign processes by modifying their in-memory code images to include malicious activity. It is important to find not only maliciouslyacting benign processes, but also the actual parasitic malware that may have infected those processes. In this paper, we present techniques for automatic discovery of unknown parasitic malware present on an infected system. We design and develop a hypervisor-based system, Pyren´ee, that aggregates and correlates information from sensors at the network level, the network-to-host boundary, and the host level so that we correctly identify the true origin of malicious behavior. We demonstrate the effectiveness of our architecture with security and performance evaluations on a Windows system: we identified all malicious binaries in tests wi...
Abhinav Srivastava, Jonathon T. Giffin
Added 30 Jan 2011
Updated 30 Jan 2011
Type Journal
Year 2010
Where RAID
Authors Abhinav Srivastava, Jonathon T. Giffin
Comments (0)