fusion malware perceive reminiscence mapper in core centric vm centred green computing domain

G. Suganya, S. Sharmila

Published in International Journal of Advanced Research in Computer Science Engineering and Information Technology

ISSN: 2321-3337 | Impact Factor: 1.521 | Volume: 4 | Issue: 3 | Year: 18 April 2015 | Pages: 397-402


Abstract

Kernel malware can exhibit the characteristics of user-level malware with additional possibilities of hiding its malicious activities by altering the legitimate kernel behaviour of an operating system. Much research has been done on malware hooking behaviour and on defensive and preventive actions against it. Still, automated analysis of the actual malicious goals and patching of the behaviour have not been investigated properly. Fusion malware perceive reminiscence mapper provides an optimized solution to analyse Windows kernel-level code and extract malicious behaviours from rootkits, including sensitive data access, modification and triggers. It is a new technique that combines a backward slicing option to check the mapped memory by slicing step by step at the kernel level. It identifies the sensitive data influenced by malware and a possible solution to this problem.

Keywords

Kernel, malicious, triggers.
