Please use this identifier to cite or link to this item: http://idr.nitk.ac.in/jspui/handle/123456789/6622
Title: Split personality malware detection and defeating in popular virtual machines
Authors: Kumar, A.V.
Vishnani, K.
Kumar, K.V.
Issue Date: 2012
Citation: Proceedings of the 5th International Conference on Security of Information and Networks, SIN'12, 2012, Vol., , pp.20-26
Abstract: Virtual Machines have gained immense popularity amongst the Security Researchers and Malware Analysts due to their pertinent design to analyze malware without risking permanent infection to the actual system carrying out the tests. This is because during analysis, even if a malware infects and destabilizes the guest OS, the analyst can simply load in a fresh image thus avoiding any damage to the actual machine. However, the cat and mouse game between the Black Hat and the White Hat Hackers is a well established fact. Hence, the malware writers have once again raised their stakes by creating a new kind of malware which can detect the presence of virtual machines. Once it detects that it is running on a virtual machine, it either terminates execution immediately or simply hides its malicious intent and continues to execute in a benign manner thus evading its own detection. This category of malware has been termed as Split Personality malware or Analysis Aware malware in the Information Security jargon. This paper aims at defeating the split personality malware in popular virtual machine environment. This work includes first the study of various virtual machine detection techniques and then development of a method to thwart these techniques from successfully detecting the virtual machines-VirtualBox, VirtualPC and VMware. Copyright � 2012 ACM.
URI: http://idr.nitk.ac.in/jspui/handle/123456789/6622
Appears in Collections:2. Conference Papers

Files in This Item:
File Description SizeFormat 
6622.pdf790.07 kBAdobe PDFThumbnail
View/Open


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.