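% Conference paper on MAS, a malware analysis system that (per its abstract)
% performs dynamic binary instrumentation from the hypervisor level, using KVM
% with Intel VT-x, and offers single-step and system-call analysis.
% The citation key appears to be an export-generated hash; it is kept unchanged
% so that existing citations still resolve.
% NOTE(review): publisher and series volume are absent from this record; confirm
% them against the DOI before relying on styles that print those fields.
@inproceedings{c2d0feba115240eab07e3fb638bafdf5,
  author    = {Kim, Taehyoung and Kim, Inhyuk and Min, Changwoo and Eom, Young Ik},
  title     = {{MAS}: Malware analysis system based on hardware-assisted virtualization technology},
  booktitle = {Security Technology, Disaster Recovery and Business Continuity - International Conferences, {SecTech} and {DRBC} 2010, Held as Part of the Future Generation Information Technology Conference, {FGIT} 2010},
  series    = {Communications in Computer and Information Science},
  pages     = {134--141},
  year      = {2010},
  doi       = {10.1007/978-3-642-17610-4_15},
  isbn      = {3642176097},
  language  = {English},
  keywords  = {Dynamic Binary Instrumentation, Intel VT, KVM, Malware, Virtualization Technology},
  abstract  = {There are many analysis techniques in order to analyze malicious codes. However, recently malicious codes often evade detection using stealthy obfuscation techniques, and attack computing systems. We propose an enhanced dynamic binary instrumentation using hardware-assisted virtualization technology. As a machine-level analyzer, our system can be isolated from almost the whole threats of malware, and provides single step analysis environment. Proposed system also supports rapid system call analysis environment. We implement our malware analysis system (referred as MAS) on the KVM hypervisor with Intel VT-x virtualization support. Our experiments with benchmarks show that the proposed system provides efficient analysis environment with low overhead.},
  note      = {2010 International Conferences on Security Technology, SecTech 2010 and Disaster Recovery and Business Continuity, DRBC 2010, Held as Part of the 2nd International Mega-Conference on Future Generation Information Technology, FGIT 2010 ; Conference date: 13-12-2010 Through 15-12-2010},
}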