Published in International Journal of Advanced Research in Computer Science Engineering and Information Technology
ISSN: 2321-3337 Impact Factor: 1.521 Volume: 4 Issue: 3 Year: 18 April, 2015 Pages: 397-402
Kernel malware has all the characteristics of user-level malware plus additional ways of hiding its malicious activity, because it can alter the legitimate kernel behaviour of an operating system. Much research has addressed malware hooking behaviour and the corresponding defensive and preventive measures, but automated analysis of the actual malicious goals, and patching of the affected behaviour, has not been investigated properly. The Fusion Malware Perceive Reminiscence Mapper provides an optimized way to analyse Windows kernel-level code and extract malicious behaviours from rootkits, including sensitive data access, modification and triggers. The technique combines this with backward slicing: the mapped memory is checked by slicing step by step at the kernel level, which identifies the sensitive data influenced by the malware and points to a possible remedy for the problem.
Kernel, malicious, triggers.
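The abstract describes backward slicing over mapped kernel memory to find which instructions influenced a piece of sensitive data. The following is an added illustration of that idea, not code from the paper or its mapper: a dynamic backward slice computed over a small, constructed instruction trace. The trace, the symbolic operand names ("rN" for registers, "mADDR" for memory cells), the addresses and the scenario (a store into a list-link field, written as `m0x200`, that depends on an earlier load) are all hypothetical and chosen only to show the algorithm.

```c
#include <stdio.h>
#include <string.h>

#define MAX_OPS   4      /* operand slots per entry; at most MAX_OPS-1 sources used, so a NULL terminator remains */
#define MAX_LIVE  32

/* One entry of a constructed dynamic instruction trace (hypothetical data, not from the paper).
 * Operands are symbolic locations: "rN" = register, "mADDR" = memory cell. */
struct trace_entry {
    const char *dst;            /* location written by this instruction */
    const char *src[MAX_OPS];   /* locations read (NULL-terminated) */
    const char *text;           /* disassembly, display only */
};

/* Set of locations whose most recent definition the slice still has to find. */
struct live_set { const char *loc[MAX_LIVE]; int n; };

static int live_find(const struct live_set *s, const char *loc) {
    for (int i = 0; i < s->n; i++)
        if (strcmp(s->loc[i], loc) == 0) return i;
    return -1;
}
static void live_add(struct live_set *s, const char *loc) {
    if (live_find(s, loc) < 0 && s->n < MAX_LIVE) s->loc[s->n++] = loc;
}
static void live_del(struct live_set *s, const char *loc) {
    int i = live_find(s, loc);
    if (i >= 0) s->loc[i] = s->loc[--s->n];
}

/* Dynamic backward slice. Starting at the last write to `sink`, walk the trace
 * backwards; an instruction is kept if it defines a location the slice still
 * depends on, and its sources then become dependencies in turn.
 * in_slice[i] is set to 1 for kept entries. Returns the number of kept
 * instructions, or -1 if `sink` is never written in the trace. */
int backward_slice(const struct trace_entry *t, int n, const char *sink, int *in_slice) {
    struct live_set live = { .n = 0 };
    int start = -1, count = 0;

    memset(in_slice, 0, (size_t)n * sizeof *in_slice);
    for (int i = n - 1; i >= 0; i--)
        if (strcmp(t[i].dst, sink) == 0) { start = i; break; }
    if (start < 0) return -1;

    live_add(&live, sink);
    for (int i = start; i >= 0; i--) {
        if (live_find(&live, t[i].dst) < 0) continue;   /* does not feed the sink */
        in_slice[i] = 1;
        count++;
        live_del(&live, t[i].dst);                        /* definition found */
        for (int k = 0; k < MAX_OPS && t[i].src[k]; k++)
            live_add(&live, t[i].src[k]);                 /* now need its inputs */
    }
    return count;
}

/* Constructed sample trace: a rootkit-style relink of a list entry (m0x200 is
 * the hypothetical link field being overwritten), interleaved with unrelated
 * counter updates at m0x300 that a correct slice must leave out. */
static const struct trace_entry sample_trace[] = {
    { "r1",     { "m0x100" },       "mov r1, [0x100]   ; r1 = list head"        },
    { "r2",     { "m0x300" },       "mov r2, [0x300]   ; unrelated counter"      },
    { "r3",     { "r1", "m0x108" }, "mov r3, [r1+8]    ; r3 = head->next"        },
    { "r2",     { "r2" },           "add r2, 1         ; unrelated"              },
    { "m0x200", { "r3" },           "mov [0x200], r3   ; overwrite link field"   },
    { "m0x300", { "r2" },           "mov [0x300], r2   ; unrelated store"        },
};
#define SAMPLE_N ((int)(sizeof sample_trace / sizeof sample_trace[0]))

int main(void) {
    int in_slice[SAMPLE_N];
    int n = backward_slice(sample_trace, SAMPLE_N, "m0x200", in_slice);
    printf("%d instruction(s) influence m0x200:\n", n);
    for (int i = 0; i < SAMPLE_N; i++)
        if (in_slice[i]) printf("  [%d] %s\n", i, sample_trace[i].text);
    return 0;
}
```

The slice keeps only the three entries that feed the final store (the head load, the next-pointer load and the store itself) and drops the interleaved counter updates, which is exactly the separation between "malware-influenced sensitive data" and background kernel activity that the abstract is after. A real mapper would have to resolve concrete addresses and handle memory aliasing; symbolic operand names keep that out of this illustration.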