Conference papers

A Survey on Virtual Machines for Malware Analysis

Daniel Reynaud 1 
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Virtualisation and emulation technologies are increasingly used for malware analysis. However, this is not what they were developed for and, as a result, new problems arise. This presentation will introduce the different kinds of virtualisation technologies, the problem they try to solve for malware analysts (real-time behavior monitoring) and the currently emerging problems (virtual machine detection and logic bombs). The conclusion of this survey is that perfect monitoring and undetectability are reachable goals for virtual machines, but the detection of logic bombs is intractable. As a result, virtual machines are a handy tool for malware analysts but undetectable real-time monitoring techniques should be developed instead.
Document type : Conference papers
Contributor : Daniel Reynaud
Submitted on : Friday, November 7, 2008 - 11:42:09 AM
Last modification on : Saturday, June 25, 2022 - 7:39:52 PM


  • HAL Id : inria-00337520, version 1



Daniel Reynaud. A Survey on Virtual Machines for Malware Analysis. 3rd International Workshop on the Theory of Computer Viruses - TCV 08, 2008, Nancy, France. ⟨inria-00337520⟩


