Published in International Journal of Advanced Research in Computer Science Engineering and Information Technology
ISSN: 2321-3337 Impact Factor:1.521 Volume:5 Issue:2 Year: 09 April,2015 Pages:391-396
Kernel malwares will offer user level-malware characteristics with an extra chances of concealment their malicious activities by sterilization the legitimate kernel behavior of operating system. Several analysis take on malware hook behavior and defense and preventive actions for constant. Still, an automatic analysis of the particular malicious goals and fix the behavior isn't investigated properly.Hybrid Malware detect memory Mapped provides an optimized solution to analyze windows kernel-level code and extract malicious behaviors from root kits, including sensitive data access, modification and triggers A new technique that provides a mix of backward slicing choice to check the mapped memory by slicing step by step within the kernel level. It will determine the malware influenced sensitive information and attainable resolution for this drawback
Kernel, sterilization, triggers
[1] M. Abadi, M. Budiu, Ú. Erlingsson, and J. Ligatti, “Control-flow integrity: Principles, implementations, and applications,” in Proc. 12thACM Conf. CCS, Nov. 2005, pp. 1–4. [2] A. Baliga, V. Ganapathy, and L. Iftode, “Automatic inference and enforcement of kernel data structure invariants,” in Proc. 24th ACSAC, Dec. 2008, pp. 77–86. [3] D. Balzarotti, M. Cova, C. Karlberger, C. Kruegel, E. Kirda, and G. Vigna, “Efficient detection of split personalities in malware,” in Proc.17th Annu. NDSS, Feb. 2010, pp. 1–17. [4] U. Bayer, P. Milani Comparetti, C. Hlauscheck, C. Kruegel, and E. Kirda, “Scalable, behavior-based malware clustering,” in Proc. 16thSymp. NDSS, Feb. 2009, pp. 1–26. [5] F. Bellard, “QEMU: A fast and portable dynamic translator,” in Proc. USENIX Annu. Tech. Conf., Mar. 2005, pp. 41–46. [6] E. Buchanan, R. Roemer, H. Shacham, and S. Savage, “When good instructions go bad: Generalizing return-oriented programming to RISC,” in Proc. 15th ACM Conf. CCS, Oct. 2008, pp. 27–38. [7] J. Butler. (2012, Dec. 12). DKOM (Direct Kernel Object Manipulation) [Online]. Available: http://www.blackhat.com/presentations/winusa- 04/bh-win-04-butler.pdf. [8] (2010). Bypassing Non-Executable-Stack During Exploitation Using Return-to-Libc [Online]. Available: http://www.citeulike.org/user/rvermeulen/author/C0ntex [9] M. Carbone, W. Cui, L. Lu,W. Lee, M. Peinado, and X. Jiang, “Mapping kernel objects to enable systematic integrity checking,” in Proc. 16thACM Conf. CCS, Nov. 2009, pp. 555–565. [10] P. Chen, H. Xiao, X. Shen, X. Yin, B. Mao, and L. Xie, “DROP: Detecting return-oriented programming malicious code,” in Proc. 5thICISS, Dec. 2009, pp. 163–177.