Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot
| Field | Value |
|---|---|
| Author | Roee Leon, Raz Ben Yehuda, Nezer Jacob Zaidenberg, Amit Resh, Asaf Algawi, Michael Kiperberg |
| Year of publication | 2020 |
| Subject | 021110 strategic defence & security studies; Atomicity; Software_OPERATINGSYSTEMS; Honeypot; Computer science; 0211 other engineering and technologies; Hypervisor; 02 engineering and technology; computer.software_genre; Virtualization; Memory forensics; Mass storage; 0202 electrical engineering, electronic engineering, information engineering; Operating system; Malware; 020201 artificial intelligence & image processing; Malware analysis; computer |
| Source | Communications in Computer and Information Science, ISBN 9783030494421, ICISSP (Revised Selected Papers) |
| DOI | 10.1007/978-3-030-49443-8_15 |
| Description | Memory acquisition is a tool used in advanced forensics and malware analysis. Various methods of memory acquisition exist, ranging from tools based on dedicated hardware to software-only solutions. We proposed a hypervisor-based memory acquisition tool [22]. Our method supports ASLR and modern operating systems, which is an innovation compared to past methods [27, 36]. We extend hypervisor-assisted memory acquisition by adding mass storage device honeypots for the malware to cross, and we propose hiding the hypervisor using bluepill technology. |
| Database | OpenAIRE |
| External link | |