Successive memory image analysis method for malicious codes
In order to detect the behavior of malicious code more comprehensively, the technology of continuous memory image analysis was proposed. The core idea was to run malicious code in QEMU virtual machine, to obtain the memory image of the continuous increment in the running period, and then to analyze...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2017-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2017.00144 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841530332037251072 |
|---|---|
| author | Wei-ming LI De-qing ZOU Guo-zhong SUN |
| author_facet | Wei-ming LI De-qing ZOU Guo-zhong SUN |
| author_sort | Wei-ming LI |
| collection | DOAJ |
| description | In order to detect the behavior of malicious code more comprehensively, the technology of continuous memory image analysis was proposed. The core idea was to run malicious code in QEMU virtual machine, to obtain the memory image of the continuous increment in the running period, and then to analyze the memory image of the base and increment as the memory image. On the basis of the analysis of a single memory image, different memory images were analysised comparatively. At the same time, the visualization tool D3.js was used to visually display the change of the memory state in the process of system operation. Finally, the prototype system was tested by 40 kinds of malicious code samples, and the number of malicious code behavior was increased by 19.7% than traditional sin-gle memory image. |
| format | Article |
| id | doaj-art-e78bb2786e794a869cc12e5073b97e83 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2017-02-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-e78bb2786e794a869cc12e5073b97e832025-01-15T03:05:29ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2017-02-013203059549720Successive memory image analysis method for malicious codesWei-ming LIDe-qing ZOUGuo-zhong SUNIn order to detect the behavior of malicious code more comprehensively, the technology of continuous memory image analysis was proposed. The core idea was to run malicious code in QEMU virtual machine, to obtain the memory image of the continuous increment in the running period, and then to analyze the memory image of the base and increment as the memory image. On the basis of the analysis of a single memory image, different memory images were analysised comparatively. At the same time, the visualization tool D3.js was used to visually display the change of the memory state in the process of system operation. Finally, the prototype system was tested by 40 kinds of malicious code samples, and the number of malicious code behavior was increased by 19.7% than traditional sin-gle memory image.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2017.00144malwarememory imagecomparative analysisdata visualization |
| spellingShingle | Wei-ming LI De-qing ZOU Guo-zhong SUN Successive memory image analysis method for malicious codes 网络与信息安全学报 malware memory image comparative analysis data visualization |
| title | Successive memory image analysis method for malicious codes |
| title_full | Successive memory image analysis method for malicious codes |
| title_fullStr | Successive memory image analysis method for malicious codes |
| title_full_unstemmed | Successive memory image analysis method for malicious codes |
| title_short | Successive memory image analysis method for malicious codes |
| title_sort | successive memory image analysis method for malicious codes |
| topic | malware memory image comparative analysis data visualization |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2017.00144 |
| work_keys_str_mv | AT weimingli successivememoryimageanalysismethodformaliciouscodes AT deqingzou successivememoryimageanalysismethodformaliciouscodes AT guozhongsun successivememoryimageanalysismethodformaliciouscodes |