Hybrid Malware Detect Memory Mapper in Kernel-Centric VM-Based Green Computing World

V. Nandhini

Published in International Journal of Advanced Research in Computer Science Engineering and Information Technology

ISSN: 2321-3337 | Impact Factor: 1.521 | Volume: 5 | Issue: 2 | Year: 09 April, 2015 | Pages: 391-396


Abstract

Kernel malware offers the same capabilities as user-level malware, with the added opportunity to conceal its malicious activity by altering the legitimate kernel behavior of the operating system. Several studies have examined malware hooking behavior and the corresponding defensive and preventive measures. However, automated analysis of the specific malicious goals and of the behavior that must be repaired has not been investigated properly. Hybrid Malware Detect Memory Mapper provides an optimized solution for analyzing Windows kernel-level code and extracting malicious behaviors from rootkits, including sensitive data access, modification, and triggers. The new technique combines backward slicing with a check of the mapped memory, slicing it step by step at the kernel level. It determines which sensitive information the malware has influenced and offers a possible resolution to this problem.

Keywords

Kernel, sterilization, triggers
