Abstract

Malware analysis is critical for malware detection and prevention. To
defeat malware analysis and detection, today malware commonly adopts
various sophisticated anti-detection techniques.  For example, malware
often performs various debugger, emulator, and virtual machine
fingerprinting. These mechanisms produce more and more stealthy
malware that challenges malware analysis schemes.

In this work, we propose Malyzer to defeat malware anti-detection
mechanisms at startup and runtime so that malware behavior during
execution can be accurately captured and distinguished. For analysis,
Malyzer starts a process copy, referred to as a shadow process, on the
same host by defeating anti-detection mechanisms.  Since ultimately
malware will conduct local information harvesting or dispersion,
Malyzer constantly monitors the shadow process's behavior and adopts a
hybrid scheme for its behavior analysis. In our experiments, Malyzer
can accurately detect all malware samples that employ various
anti-detection techniques.


Speaker Bio

Lei Liu is a Ph.D. student in Computer Science Department of George
Mason Univesity. His research interests incude system security,
network application, operation systems and sogrware engineering.
Before pursuing his Ph.D. degree, he has several years' experience in
IT industry.