A1 Journal article (refereed)
Hypervisor-assisted dynamic malware analysis (2021)

Leon, R. S., Kiperberg, M., Zabag, A. A. L., & Zaidenberg, N. J. (2021). Hypervisor-assisted dynamic malware analysis. Cybersecurity, 4, Article 19. https://doi.org/10.1186/s42400-021-00083-9

JYU authors or editors

Publication details

All authors or editors: Leon, Roee S.; Kiperberg, Michael; Zabag, Anat Anatey Leon; Zaidenberg, Nezer Jacob

Journal or series: Cybersecurity

eISSN: 2523-3246

Publication year: 2021

Publication date: 02/06/2021

Volume: 4

Article number: 19

Publisher: Springer

Publication country: Singapore

Publication language: English

DOI: https://doi.org/10.1186/s42400-021-00083-9

Publication open access: Openly available

Publication channel open access: Open Access channel

Publication is parallel published (JYX): https://jyx.jyu.fi/handle/123456789/76199

Abstract

Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

Keywords: cyber security; malware; data security; virtualisation

Contributing organizations

Ministry reporting: Yes

VIRTA submission year: 2021

JUFO rating: 1