抄録
We are developing Alkanet, a system call tracer for malware analysis. However, recent malware infects other processes. Others consist of two or more modules or plug-ins. It is difficult to trace these malware because traditional methods focus on threads or processes. Getting the system call invoker by stack tracing is a traditional method to solve this problem. However, if malware has falsified its stack, this method cannot identify it correctly. In this paper, we describe a method for identifying a system call invoker by branch trace facilities. We consider the effectiveness of branch trace facilities for malware analysis.
| 本文言語 | 英語 |
|---|---|
| ホスト出版物のタイトル | IMECS 2015 - International MultiConference of Engineers and Computer Scientists 2015 |
| 出版社 | Newswood Limited |
| ページ | 145-151 |
| ページ数 | 7 |
| 巻 | 1 |
| ISBN(電子版) | 9789881925329 |
| 出版ステータス | 出版済み - 2015 |
| 外部発表 | はい |
| イベント | International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015 - Tsimshatsui, Kowloon, 香港 継続期間: 3月 18 2015 → 3月 20 2015 |
その他
| その他 | International MultiConference of Engineers and Computer Scientists 2015, IMECS 2015 |
|---|---|
| 国/地域 | 香港 |
| City | Tsimshatsui, Kowloon |
| Period | 3/18/15 → 3/20/15 |
!!!All Science Journal Classification (ASJC) codes
- コンピュータ サイエンス(その他)