Conference papers

A Survey on Virtual Machines for Malware Analysis

Daniel Reynaud 1
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Virtualisation and emulation technologies are increasingly used for malware analysis. However, this is not what they were developed for and, as a result, new problems arise. This presentation will introduce the different kinds of virtualisation technologies, the problem they try to solve for malware analysts (real-time behavior monitoring) and the currently emerging problems (virtual machine detection and logic bombs). The conclusion of this survey is that perfect monitoring and undetectability are reachable goals for virtual machines, but the detection of logic bombs is intractable. As a result, virtual machines are a handy tool for malware analysts but undetectable real-time monitoring techniques should be developed instead.
Document type : Conference papers

https://hal.inria.fr/inria-00337520
Contributor : Daniel Reynaud
Submitted on : Friday, November 7, 2008 - 11:42:09 AM
Last modification on : Tuesday, December 18, 2018 - 4:48:02 PM

Identifiers

  • HAL Id : inria-00337520, version 1

Citation

Daniel Reynaud. A Survey on Virtual Machines for Malware Analysis. 3rd International Workshop on the Theory of Computer Viruses - TCV 08, 2008, Nancy, France. ⟨inria-00337520⟩
