To ease the analysis of potentially malicious programs, dynamic behavior-based techniques have been proposed in the literature. Unfortunately, these techniques often give incomplete results because the execution environments in which they are performed are synthetic and do not faithfully resemble the environments of end-users, the intended targets of the malicious activities. In this paper, we present a new framework for improving behavior-based analysis of suspicious programs. Our framework allows an end-user to delegate security labs, the cloud, the execution and the analysis of a program and to force the program to behave as if it were executed directly in the environment of the former. The evaluation demonstrated that the proposed framework allows security labs to improve the completeness of the analysis, by analyzing a piece of malware on behalf of multiple end-users simultaneously, while performing a fine-grained analysis of the behavior of the program with no computational cost for end-users.
A Framework for Behavior-Based Malware Analysis in the Cloud / L. Martignoni, R. Paleari, D. Bruschi - In: Information systems security : 5th international conference, ICISS 2009 Kolkata, India, December 14-18, 2009 proceedings / [a cura di] A. Prakash, I.S. Gupta. - New York : Springer, 2009. - ISBN 978-3-642-10771-9. - pp. 178-192 (( Intervento presentato al 5. convegno International Conference on Information Systems Security tenutosi a Kolkata, India nel 2009 [10.1007/978-3-642-10772-6_14].
A Framework for Behavior-Based Malware Analysis in the Cloud
L. Martignoni;R. Paleari;D. Bruschi
2009
Abstract
To ease the analysis of potentially malicious programs, dynamic behavior-based techniques have been proposed in the literature. Unfortunately, these techniques often give incomplete results because the execution environments in which they are performed are synthetic and do not faithfully resemble the environments of end-users, the intended targets of the malicious activities. In this paper, we present a new framework for improving behavior-based analysis of suspicious programs. Our framework allows an end-user to delegate security labs, the cloud, the execution and the analysis of a program and to force the program to behave as if it were executed directly in the environment of the former. The evaluation demonstrated that the proposed framework allows security labs to improve the completeness of the analysis, by analyzing a piece of malware on behalf of multiple end-users simultaneously, while performing a fine-grained analysis of the behavior of the program with no computational cost for end-users.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
