
Proceedings Paper

Dynamic malware analysis using IntroVirt: a modified hypervisor-based system
Author(s): Joshua S. White; Stephen R. Pape; Adam T. Meily; Richard M. Gloo

Paper Abstract

In this paper, we present a system for Dynamic Malware Analysis which incorporates the use of IntroVirt™. IntroVirt is an introspective hypervisor architecture and infrastructure that supports advanced analysis techniques for stealth-malware analysis. This system allows for complete guest monitoring and interaction, including the manipulation and blocking of system calls. IntroVirt is capable of bypassing virtual machine detection capabilities of even the most sophisticated malware by spoofing returns to system call responses. Additional fuzzing capabilities can be employed to detect both malware vulnerabilities and polymorphism.

Paper Details

Date Published: 28 May 2013
PDF: 6 pages
Proc. SPIE 8757, Cyber Sensing 2013, 87570D (28 May 2013); doi: 10.1117/12.2015545
Joshua S. White, Assured Information Security, Inc. (United States)
Stephen R. Pape, Assured Information Security, Inc. (United States)
Adam T. Meily, Assured Information Security, Inc. (United States)
Richard M. Gloo, Assured Information Security, Inc. (United States)

Published in SPIE Proceedings Vol. 8757:
Cyber Sensing 2013
Igor V. Ternovskiy; Peter Chin, Editor(s)

© SPIE.