TY - GEN
T1 - FindEvasion
T2 - 9th International Conference on Digital Forensics and Cyber Crime, ICDF2C 2017
AU - Jia, Xiaoqi
AU - Zhou, Guangzhe
AU - Huang, Qingjia
AU - Zhang, Weijuan
AU - Tian, Donghai
N1 - Publisher Copyright:
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018.
PY - 2018
Y1 - 2018
N2 - In recent years, environment-sensitive malware has been growing rapidly and poses a significant threat to cloud platforms. It may maliciously occupy computing resources and steal tenants’ private data. Environment-sensitive malware can identify its operating environment and perform corresponding malicious behaviors in different environments, which greatly increases the difficulty of detection. At present, research on the automatic detection of environment-sensitive malware is still rare, but it has attracted more and more attention. In this paper, we present FindEvasion, a cloud-oriented system for detecting environment-sensitive malware. Our FindEvasion system makes full use of virtualization technology to transparently extract suspicious programs from the tenants’ Virtual Machines (VMs) and analyzes them in our multiple operating environments. We introduce a novel algorithm, named Multiple Behavioral Sequences Similarity (MBSS), to compare a suspicious program’s behavioral profiles observed in multiple analysis environments and determine whether the suspicious program is environment-sensitive malware or not. The experimental results show that our approach produces better detection results than previous methods.
KW - Cloud security
KW - Environment-sensitive malware
KW - MBSS
KW - Multiple operating environments
KW - Transparent extraction
UR - http://www.scopus.com/inward/record.url?scp=85041111014&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-73697-6_1
DO - 10.1007/978-3-319-73697-6_1
M3 - Conference contribution
AN - SCOPUS:85041111014
SN - 9783319736969
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
SP - 3
EP - 17
BT - Digital Forensics and Cyber Crime - 9th International Conference, ICDF2C 2017, Proceedings
A2 - Schmiedecker, Martin
A2 - Matousek, Petr
PB - Springer Verlag
Y2 - 9 October 2017 through 11 October 2017
ER -